CMMC Practice SI.3.220: Utilize sandboxing to detect or block potentially malicious email.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
You create an email sandbox by implementing an isolated environment to execute an attached file or linked URL. Before allowing attachments or links to be opened on the production network, they are executed within the sandbox and their behavior is observed. By opening these files or links in a protected environment, the system detects malicious activity before it is introduced into the network.