SC-44: Detonation Chambers

CSF v1.1 References:

Threats Addressed:


  • Low


  • Moderate


  • High


  • Privacy


Previous Version:

Control Statement

Employ a detonation chamber capability within [Assignment: organization-defined system, system component, or location].

Supplemental Guidance

Detonation chambers, also known as dynamic execution environments, allow organizations to open email attachments, execute untrusted or suspicious applications, and execute Universal Resource Locator requests in the safety of an isolated environment or a virtualized sandbox. Protected and isolated execution environments provide a means of determining whether the associated attachments or applications contain malicious code. While related to the concept of deception nets, the employment of detonation chambers is not intended to maintain a long-term environment in which adversaries can operate and their actions can be observed. Rather, detonation chambers are intended to quickly identify malicious code and either reduce the likelihood that the code is propagated to user environments of operation or prevent such propagation completely.