CMMC Level 3 Control – Email Sandboxing (SI.3.220) - Security Boulevard

CMMC Level 3 Control – Email Sandboxing (SI.3.220)

In the CMMC process, one of the controls that many organizations may have some issues understanding or implementing is Email Sandboxing or SI.3.220.  An overview for this control states an organization should utilize sandboxing to detect or block potentially malicious email.  The action can prevent malicious files from entering the network and should be document in the Configuration Management Policy.

An email sandbox provides an isolated environment to execute an attached file or linked URL.  Before allowing attachments or links to be opened on the production network, they are executed within the sandbox and their behavior is observed. By opening these files or links in a protected environment, the system detects malicious activity before it is introduced into the network.

Office365 and its Advance Threat Protection can provide these services with their URL Detonation and Dynamic Delivery.  The Dynamic Delivery feature allows recipients to read and respond to emails while the attachment is being scanned. Dynamic Delivery delivers emails to the recipient’s inbox along with a “placeholder” attachment notifying the user that the real attachment is being scanned—all with minimal lag time.  If a user clicks the placeholder attachment, they see a message showing the progress of the scan. If the attachment is harmless, it seamlessly re-attaches to the email so the user can access it. If it is malicious, Office 365 Advanced Threat Protection will filter out the attachment.

URL Detonation can be enabled through the policy controls in the Safe Links admin window under settings. To enable URL Detonation, select the “On” radio button and then select the Use Safe Attachments to scan downloadable content checkbox.

Dynamic Delivery can be activated through the policy controls from the Safe Attachments admin control window under Settings. Simply select the Dynamic Delivery radio button.

Other email services also provide the sandboxing service as well.  For example, this feature is available with G Suite Enterprise and G Suite Enterprise for Education.  So, contact your email provider if you are not sure.

In the CMMC process, one of the controls that many organizations may have some issues understanding or implementing is Email Sandboxing or SI.3.220.  An overview for this control states an organization should utilize sandboxing to detect or block potentially malicious email.  The action can prevent malicious files from entering the network and should be document in the Configuration Management Policy.

An email sandbox provides an isolated environment to execute an attached file or linked URL.  Before allowing attachments or links to be opened on the production network, they are executed within the sandbox and their behavior is observed. By opening these files or links in a protected environment, the system detects malicious activity before it is introduced into the network.

Office365 and its Advance Threat Protection can provide these services with their URL Detonation and Dynamic Delivery.  The Dynamic Delivery feature allows recipients to read and respond to emails while the attachment is being scanned. Dynamic Delivery delivers emails to the recipient’s inbox along with a “placeholder” attachment notifying the user that the real attachment is being scanned—all with minimal lag time.  If a user clicks the placeholder attachment, they see a message showing the progress of the scan. If the attachment is harmless, it seamlessly re-attaches to the email so the user can access it. If it is malicious, Office 365 Advanced Threat Protection will filter out the attachment.

URL Detonation can be enabled through the policy controls in the Safe Links admin window under settings. To enable URL Detonation, select the “On” radio button and then select the Use Safe Attachments to scan downloadable content checkbox.

Dynamic Delivery can be activated through the policy controls from the Safe Attachments admin control window under Settings. Simply select the Dynamic Delivery radio button.

Other email services also provide the sandboxing service as well.  For example, this feature is available with G Suite Enterprise and G Suite Enterprise for Education.  So, contact your email provider if you are not sure.


*** This is a Security Bloggers Network syndicated blog from SecurityOrb.com authored by Kellep Charles. Read the original post at: https://www.securityorb.com/featured/cmmc-level-3-control-email-sandboxing-si-3-220/?utm_source=rss&utm_medium=rss&utm_campaign=cmmc-level-3-control-email-sandboxing-si-3-220