Mitigations represent security concepts and classes of technologies that can be used to prevent a technique or sub-technique from being successfully executed.

| ID | Name |
|----|------|
| MS-M9001 | Multi-factor authentication |
| MS-M9002 | Restrict access to the API server using IP firewall |
| MS-M9003 | Adhere to least-privilege principle |
| MS-M9004 | Secure CI/CD environment |
| MS-M9005 | Image assurance policy |
| MS-M9006 | Enable Just In Time access to API server |
| MS-M9007 | Network intrusion prevention |
| MS-M9008 | Limit access to services over network |
| MS-M9009 | Require strong authentication to services |
| MS-M9010 | Restrict exec commands on pods |
| MS-M9011 | Restrict container runtime using LSM |
| MS-M9012 | Remove tools from container images |
| MS-M9013 | Restrict over permissive containers |
| MS-M9014 | Network segmentation |
| MS-M9015 | Avoid running management interface on containers |
| MS-M9016 | Restrict file and directory permissions |
| MS-M9017 | Ensure that pods meet defined Pod Security Standards |
| MS-M9018 | Restricting cloud metadata API access |
| MS-M9019 | Allocate specific identities to pods |
| MS-M9020 | Collect logs to remote data storage |
| MS-M9021 | Restrict the usage of unauthenticated APIs in the Cluster |
| MS-M9022 | Use managed secret store |
| MS-M9023 | Remove unused secrets from the cluster |
| MS-M9024 | Restrict access to etcd |
| MS-M9025 | Disable service account auto mount |
| MS-M9026 | Avoid using plain text credentials |
| MS-M9027 | Use NodeRestriction admission controller |
| MS-M9028 | Use CNIs that are not prone to ARP poisoning |
| MS-M9029 | Set requests and limits for containers |
| MS-M9030 | Use cloud storage provider |
| MS-M9031 | Implement data backup strategy |
| MS-M9032 | Avoid using web-hosted manifest for Kubelet |