I need some preliminary text for the wireless requirements. Again, I think wireless gear is in scope, as long as it is within/is the operators perimeter and is managed. Thanks, ---George > Appendix A. Requirement Profiles > > . > . > . > > A.5 SOHO Profile > > . > . > . > > (Functionality not yet listed in document) > No default passwords > Must configure passwords for access I'll do the wording for this/add it to the minimum profile. > > > A.6 Wireless Network Device Profile > > Wireless networks must be thought of being a free-for all where almost > anyone can easily eavesdrop on the network. Therefore, it has it’s own > set of security requirements, which mostly is a subset of the minimal > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > security requirements listed in A.1. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ For profiles that are not strict derivitives of the minimum set, I would not mention it. I might call them something like "Minimum requirements for...." > > (Functionality not listed in core doc) > Must use WEP > Must use authentication > Must use MAC address filtering > Should use TKIP and 802.11x where possible (most devices should now > implement it since the standard is ratified…..probably should > require vendors to have this) Can you give me preliminary wording (requirement, justificaiton, example, warnings) for these new reqs ? ---George George M. Jones, | Spam is to email as decay particles are JAPH | to nuclear waste. gmj@pobox.com |