RFC 3871 Operational Security Requirements September 2004
o Warnings (if applicable)

The requirement describes a policy to be supported by the device.
The justification tells why and in what context the requirement is
important. The examples section is intended to give examples of
implementations that may meet the requirement. Examples cite
technology and standards current at the time of this writing. See
[RFC3631]. It is expected that the choice of implementations to meet
the requirements will change over time. The warnings list
operational concerns, deviation from standards, caveats, etc.

Security requirements will vary across different device types and
different organizations, depending on policy and other factors. A
desired feature in one environment may be a requirement in another.
Classifications must be made according to local need.

In order to assist in classification, Appendix A defines several
requirement "profiles" for different types of devices. Profiles are
concise lists of requirements that apply to certain classes of
devices. The profiles in this document should be reviewed to
determine if they are appropriate to the local environment.

1.7. Intended Use

It is anticipated that the requirements in this document will be used
for the following purposes:

o as a checklist when evaluating networked products,

o to create profiles of different subsets of the requirements which
  describe the needs of different devices, organizations, and
  operating environments,

o to assist operators in clearly communicating their security
  requirements,

o as high level guidance for the creation of detailed test plans.

1.8. Definitions

RFC 2119 Keywords

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
in this document are to be interpreted as described in [RFC2119].

Jones Informational [Page 7]