CMMC 1.0 Practice SI.3.220 Requirement:

Utilize email sandboxing to detect or block potentially malicious email attachments.

CMMC 1.0 SI.3.220 Requirement Explanation:

Sandboxing separates emails from your system while they are scanned for malicious links and attachments. If the email is deemed to be malicious it will be blocked. This prevents users from falling prey to phishing attacks.

Example CMMC 1.0 SI.3.220 Implementation:

Make sure the email service you use, scans emails for malicious attachments. Services like G-Suite and Office 365 do this automatically for their email services. For Office 365 you can purchase advanced threat protection, providing you with more capability. If your email service does not scan files for malicious attachments, then you will need to purchase a tool that does.

CMMC 1.0 SI.3.220 Scenario(s):

- Scenario 1:

Your employee received an email with an attachment. Because the attachment was malicious he received a notification that the attachment has been blocked.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.