SC-44: Detonation Chambers
CSF v1.1 References:
- NIST Special Publication 800-53 Revision 5:
- SC-44: Detonation Chambers
The organization employs a detonation chamber capability within [Assignment: organization-defined information system, system component, or location].
Detonation chambers, also known as dynamic execution environments, allow organizations to open email attachments, execute untrusted or suspicious applications, and execute Universal Resource Locator (URL) requests in the safety of an isolated environment or virtualized sandbox. These protected and isolated execution environments provide a means of determining whether the associated attachments/applications contain malicious code. While related to the concept of deception nets, the control is not intended to maintain a long-term environment in which adversaries can operate and their actions can be observed. Rather, it is intended to quickly identify malicious code and reduce the likelihood that the code is propagated to user environments of operation (or prevent such propagation completely).