NIST 800-53 SC-44 Mappings

Detonation chambers, also known as dynamic execution environments, allow organizations to open email attachments, execute untrusted or suspicious applications, and execute Universal Resource Locator requests in the safety of an isolated environment or a virtualized sandbox. Protected and isolated execution environments provide a means of determining whether the associated attachments or applications contain malicious code. While related to the concept of deception nets, the employment of detonation chambers is not intended to maintain a long-term environment in which adversaries can operate and their actions can be observed. Rather, detonation chambers are intended to quickly identify malicious code and either reduce the likelihood that the code is propagated to user environments of operation or prevent such propagation completely.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-44 Detonation Chambers Protects T1204 User Execution
SC-44 Detonation Chambers Protects T1204.001 Malicious Link
SC-44 Detonation Chambers Protects T1204.002 Malicious File
SC-44 Detonation Chambers Protects T1204.003 Malicious Image
SC-44 Detonation Chambers Protects T1221 Template Injection
SC-44 Detonation Chambers Protects T1566 Phishing
SC-44 Detonation Chambers Protects T1566.001 Spearphishing Attachment
SC-44 Detonation Chambers Protects T1566.002 Spearphishing Link
SC-44 Detonation Chambers Protects T1566.003 Spearphishing via Service
SC-44 Detonation Chambers Protects T1598 Phishing for Information
SC-44 Detonation Chambers Protects T1598.001 Spearphishing Service
SC-44 Detonation Chambers Protects T1598.002 Spearphishing Attachment
SC-44 Detonation Chambers Protects T1598.003 Spearphishing Link