Overview
At a minimum, basic-robustness COTS IA and IA-enabled products are used to protect publicly released information from malicious tampering or destruction and ensure its availability. The basic-robustness requirements for products are defined in the Protection Profile Consistency Guidance for Basic Robustness published under the IATF.
Threat
Utilizing GOTS or COTS IA and IA-enabled IT products that are designated at a lower robustness then is required will increase network vulnerability by not adequately protecting DoD data and information systems. By adhering to robustness requirements, organizations can be confident that they are applying the appropriate level of protection to their network.
Guidance
1. At a minimum, basic-robustness COTS IA and IA-enabled products shall be used to protect publicly released information from malicious tampering or destruction and ensure its availability.
2. The basic-robustness requirements for products are defined in the Protection Profile Consistency Guidance for Basic Robustness published under the IATF.
DoD classifies this control in the subject area of “Security Design and Configuration” with a impact of “High”.