From 0bda358efe31a16b449c3e5422ebcb27c9cadfeb Mon Sep 17 00:00:00 2001
From: Tom Rhodes <trhodes@FreeBSD.org>
Date: Fri, 21 Apr 2006 05:41:40 +0000
Subject: [PATCH] Add a large section explaining that a "planning phase" is a
 good idea.

---
 .../books/handbook/mac/chapter.sgml           | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
index be0e1a8b86..5126040d07 100644
--- a/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/mac/chapter.sgml
@@ -832,6 +832,39 @@ test: biba/high</screen>
     </sect2>
   </sect1>
 
+  <sect1 id="mac-planning">
+    <title>Planning the Security Configuring</title>
+
+    <para>As with implementing any technology, there must be a planning
+      phase.  During this time is it best an administrator looks at
+      their plight as a whole and defines exactly what is needed.
+      Examine thoroughly what requirements exist, how to accomplish
+      the final goal.  How must information be classified or restricted,
+      what users should be given access and which <acronym>MAC</acronym>
+      module or modules will be required to achieve this goal.</para>
+
+    <para>Although it is always possible to reconfigure and change the
+      system resources and security settings, it is inconvenient to
+      search through the system and fix existing files and user
+      accounts.  Planning helps to ensure a trouble-free and efficient
+      trusted system implementation.  A trial run of the trusted system,
+      including the configuration, is often vital and definitely
+      beneficial before.  The idea of just letting loose on a system
+      with <acronym>MAC</acronym> is like setting up for failure.</para>
+
+    <para>Different environments may have explicit needs and
+      requirements.  Establishing an in depth and complete security
+      profile will decrease the need of changes once the system
+      goes live.  As such, the future sections will cover the
+      different modules available to administrators; describe their
+      use and configuration; and in some cases provide insight on
+      what situations they would be most suitable for.  For instance,
+      a web server might roll out the &man.mac.biba.4; and
+      &man.mac.bsdextended.4; policies.  In other cases, a machine
+      with very few local users, the &man.mac.partition.4; might
+      be a good choice.</para>
+  </sect1>
+
   <sect1 id="mac-modules">
     <title>Module Configuration</title>