CMMC Practice SC.4.202
Employ mechanisms to analyze executable code and scripts (e.g., sandbox) traversing Internet network boundaries or other organizationally defined boundaries.
Bold Coast Security Guidance
Here is another example of a control that would be included in "nextgen" malicious software protection and firewall technologies. "Sandboxing" is testing executable code and links in a protected space where no harm can be done, and the tool processes the results of "exploding" code and links to see what behaviors are exhibited. In this sense, organizations with less mature programs may still take advantage of an advanced capability, because it is offered with very little administrative or budget overhead.
Advanced malicious executable code has become much better at evading signature-based detection and protection capabilities . Sandboxes and other advanced analytics are more advanced defenses that allow the code or script to execute in an isolated, controlled, and instrumented environment to detect signs of malicious activity.
- NIST SP 800-53 Rev 4 SC-44