I've published an Internet Draft on "Security Requirements for Devices Implementing IP".
You can view it at:
http://www.ietf.org/internet-drafts/draft-jones-opsec-00.txt
This is an outgrowth of a document used by UUNET (my former employer)
to sanity check/security qualify equipment for connection to the backbone.
The point of publishing the document is to start discussion. There is a mailing
list set up: opsec@ops.ietf.org. Subscribe by sending a message to
"majordomo@ops.ietf.org" with "subscribe opsec" in the body.
The point of the document is to create a useful list that network operators
can use to communicate their securtiy requirements to vendors.
Please have a look and comment.
Thanks,
---George Jones