RFC 3871           Operational Security Requirements      September 2004

   While the examples given are written with IPv4 in mind, most of the

   requirements are general enough to apply to IPv6.

1.4.  Definition of a Secure Network

   For the purposes of this document, a secure network is one in which:

   o  The network keeps passing legitimate customer traffic

      (availability).

   o  Traffic goes where it is supposed to go, and only where it is

      supposed to go (availability, confidentiality).

   o  The network elements remain manageable (availability).

   o  Only authorized users can manage network elements (authorization).

   o  There is a record of all security related events (accountability).

   o  The network operator has the necessary tools to detect and respond

      to illegitimate traffic.

1.5.  Intended Audience

   There are two intended audiences: the network operator who selects,

   purchases, and operates IP network equipment, and the vendors who

   create them.

1.6.  Format

   The individual requirements are listed in the three sections below.

   o  Section 2 lists functional requirements.

   o  Section 3 lists documentation requirements.

   o  Section 4 lists assurance requirements.

   Within these areas, requirements are grouped in major functional

   areas (e.g., logging, authentication, filtering, etc.)

   Each requirement has the following subsections:

   o  Requirement (what)

   o  Justification (why)

   o  Examples (how)

Jones                        Informational                      [Page 6]