Currently viewing ATT&CK v8.2 which was live between October 27, 2020 and April 28, 2021. Learn more about the versioning system or see the live site.
MITIGATIONS
Enterprise
Restrict Web-Based Content
Mobile
MITIGATIONS
Enterprise
A-C
D-F
G-I
No mitigations
J-L
M-O
P-R
S-U
V-X
Y-Z
No mitigations
Mobile
A-C
D-F
G-I
J-L
M-O
No mitigations
P-R
No mitigations
S-U
V-X
No mitigations
Y-Z
No mitigations
  1. Home
  2. Mitigations
  3. Account Use Policies

Account Use Policies

Configure features related to account use like login attempt lockouts, specific login times, etc.

ID: M1036
Version: 1.0
Created: 11 June 2019
Last Modified: 13 June 2019

Techniques Addressed by Mitigation

Domain ID Name Use
Enterprise T1110 Brute Force

Set account lockout policies after a certain number of failed login attempts to prevent passwords from being guessed. Too strict a policy may create a denial of service condition and render environments un-usable, with all accounts used in the brute force being locked-out.
.001 Password Guessing

Set account lockout policies after a certain number of failed login attempts to prevent passwords from being guessed. Too strict a policy may create a denial of service condition and render environments un-usable, with all accounts used in the brute force being locked-out.
.003 Password Spraying

Set account lockout policies after a certain number of failed login attempts to prevent passwords from being guessed. Too strict a policy may create a denial of service condition and render environments un-usable, with all accounts used in the brute force being locked-out.
.004 Credential Stuffing

Set account lockout policies after a certain number of failed login attempts to prevent passwords from being guessed. Too strict a policy may create a denial of service condition and render environments un-usable, with all accounts used in the brute force being locked-out.