On Fri, Apr 16, 2004 at 10:24:17AM -0600, John R. Shannon wrote:
> The document source is:
> 
> http://www.dss.mil/isec/nispom.htm
> 
> The reference is to Chapter 8 of the National Industrial Security Program 
> (NISPOM). Contractors, that handle classified data, must comply with NISPOM.

I'm familiar with this document, but not with the chapter in question,
which seems to be new in Change 2.

I'd be willing to prepare a document on how to make a NetBSD system
fit the Protection Requirements of section 6, but not for free -- this
kind of standards-conformance work is *hard*, and I'm *busy*!  On the
other hand perhaps someone with similar interests and more time will
step forward; it'd certainly be a significant feather in the Project's
cap.

If you're a contractor, in this context, and you're facing this sudden
new requirement, perhaps you can obtain authorization to produce such
documentation as part of your job duties?  Certainly in an analogous
situation, I'd expect to be given adequate time to bring my systems into
conformance and explain why they were so.

Thor