I've published an Internet Draft on "Security Requirements for Devices Implementing IP".
You can view it at:
This is an outgrowth of a document used by UUNET (my former employer)
to sanity check/security qualify equipment for connection to the backbone.
The point of publishing the document is to start discussion. There is a mailing
list set up: email@example.com. Subscribe by sending a message to
"firstname.lastname@example.org" with "subscribe opsec" in the body.
The point of the document is to create a useful list that network operators
can use to communicate their securtiy requirements to vendors.
Please have a look and comment.