SC-44 Detonation Chambers
Employ a detonation chamber capability within sc-44_odp.
| Parameter ID | Definition |
|---|---|
| sc-44_odp | system, system component, or location |
Baselines
- L
- M
- H
- P
Guidance
Detonation chambers, also known as dynamic execution environments, allow organizations to open email attachments, execute untrusted or suspicious applications, and execute Universal Resource Locator requests in the safety of an isolated environment or a virtualized sandbox. Protected and isolated execution environments provide a means of determining whether the associated attachments or applications contain malicious code. While related to the concept of deception nets, the employment of detonation chambers is not intended to maintain a long-term environment in which adversaries can operate and their actions can be observed. Rather, detonation chambers are intended to quickly identify malicious code and either reduce the likelihood that the code is propagated to user environments of operation or prevent such propagation completely.
References 1
- SP 800-177 Rose SW, Nightingale S, Garfinkel SL, Chandramouli R (2019) Trustworthy Email. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-177, Rev. 1.
Related controls 9
- SC-07 Boundary Protection L M H P
- SC-18 Mobile Code L M H P
- SC-25 Thin Nodes L M H P
- SC-26 Decoys L M H P
- SC-30 Concealment and Misdirection L M H P
- SC-35 External Malicious Code Identification L M H P
- SC-39 Process Isolation L M H P
- SI-03 Malicious Code Protection L M H P
- SI-07 Software, Firmware, and Information Integrity L M H P