SC-44: Detonation Chambers

CSF v1.1 References:

Threats Addressed:


  • Low


  • Moderate


  • High


Next Version:

Control Statement

The organization employs a detonation chamber capability within [Assignment: organization-defined information system, system component, or location].

Supplemental Guidance

Detonation chambers, also known as dynamic execution environments, allow organizations to open email attachments, execute untrusted or suspicious applications, and execute Universal Resource Locator (URL) requests in the safety of an isolated environment or virtualized sandbox. These protected and isolated execution environments provide a means of determining whether the associated attachments/applications contain malicious code. While related to the concept of deception nets, the control is not intended to maintain a long-term environment in which adversaries can operate and their actions can be observed. Rather, it is intended to quickly identify malicious code and reduce the likelihood that the code is propagated to user environments of operation (or prevent such propagation completely).