The IT Law Wiki


Robustness is

  • [t]he ability of an Information Assurance entity to operate correctly and reliably across a wide range of operational conditions, and to fail gracefully outside of that operational range.[1]
  • the quality of being able to withstand stresses, pressures, or changes in procedure or circumstance. A system, organism or design may be said to be "robust" if it is capable of coping well with variations (sometimes unpredictable variations) in its operating environment with minimal damage, alteration or loss of functionality.
  • [t]he ability to withstand and recover from adverse effects on the system, subsystem, equipment, network, or service. Adverse effects may manifest themselves directly as unavailability, or indirectly as performance (delay, throughput, packet loss, session stability) degradations and the effects of security threats on inherent security vulnerabilities. The ability of the technology, design or systems themselves to adjust capacity, reroute traffic, reconfigure, discard malicious packets and failover, for example, affects robustness to these situations.[2]
  • the ability to maintain critical operations and functions in the face of crisis. This can be reflected in physical building and infrastructure design (office buildings, power generation and distribution structures, bridges, dams, levees), or in system redundancy and substitution (transportation, power grid, communications networks).[3]

U.S. Department of Defense

The Department of Defense has three levels of robustness:
  • High Robustness: Security services and mechanisms that provide the most stringent protection and rigorous security countermeasures.
  • Medium Robustness: Security services and mechanisms that provide for layering of additional safeguards above good commercial practices.
  • Basic Robustness: Security services and mechanisms that equate to good commercial practices.[4]