Foundational Mitigations

  • MID-001: Software Only Bootloader Authentication
  • MID-004: Memory Hardening Against Code Injection
  • MID-010: No Runtime OS Driver Load
  • MID-011: OS Driver/Peripheral Authentication
  • MID-012: OS-based Access Control Mechanisms
  • MID-013: Process and Thread Memory Segmentation
  • MID-016: Least Functionality
  • MID-017: Security-relevant Auditing and Logging
  • MID-018: Require Authentication for Privileged Functions
  • MID-021: VM Hardening
  • MID-026: Secure Firmware Update
  • MID-027: Validated Cryptographic Libraries
  • MID-030: Firmware Rollback Protections
  • MID-031: Physical Presence Validation
  • MID-032: System Service Availability Manager
  • MID-034: Authenticate Network Messages
  • MID-035: Encrypt Network Traffic
  • MID-036: Cryptographic Nonces
  • MID-037: Network Timestamps
  • MID-038: Authenticate for Administrative Actions
  • MID-039: Restrict Software Diagnostic Functions
  • MID-041: Cryptographically Signed Vendor-supplied Programs
  • MID-042: Device Checks Consistency Between Binary/Running Code and Textual Code
  • MID-043: Manage Default Login Credentials
  • MID-044: Strong Cryptographic Algorithms and Protocols
  • MID-046: Authentication Attempts Timeouts and Lockouts
  • MID-047: Sufficient Entropy for Keys
  • MID-049: Secure Password Storage
  • MID-050: Operating System Defenses Against Microarchitecture Feature Side Channels
  • MID-051: Disallow User-Provided Code
  • MID-052: Physically Protect Circuit Board Traces and Chip Pins
  • MID-054: Encrypt and Authenticate Non-volatile Storage Contents
  • MID-056: Allow Device Administrators to Disable Removable Storage Support
  • MID-057: Disable Physical Development and Debugging Ports
  • MID-058: Engage Hardware Readout Protection Mechanisms
  • MID-071: Sanitized and Escaped User Data for Web Applications
  • MID-072: Parameterized SQL Queries
  • MID-073: Secure HTTP Session Management
  • MID-074: Cross Site Request Forgery Mitigations
  • MID-075: Path Traversal Protections
  • MID-076: Web Direct Object Reference Authentication
  • MID-077: Secure Deserialization
  • MID-078: HTTP Request/Response Validation
  • MID-079: Remove Undocumented Network Functionality
  • MID-080: Network Request Processing Limits
  • MID-083: Network Firewall/Access Control List