What are IA Products? How do they differ from IA Enabled Products?
An IA product is an IT product or technology whose primary purpose is to provide security services (e.g., confidentiality, authentication, integrity, access control and non-repudiation of data); correct known vulnerabilities; provide layered defense against various categories of non-authorized and malicious penetrations of information systems or networks. Examples include such products as data/network encryptors, firewalls and intrusion detection devices. An IA-enabled product is a product or technology whose primary role is not security, but which provides security services as an associated feature of its intended operating capabilities. To meet the intent of NSTISSP #11, acquired IA-enabled products must be evaluated if the IA features are going to be used to perform one of the security services (availability, integrity, confidentiality, authentication, or non-repudiation). Therefore, the determination of whether an IA-enabled product must be evaluated will be dependent upon how that