Things to ponder on:
1) Primary and Secondary UPS/Generator to ensure good clean supply at all times. Depending on your power source and and stability, you may or may not need this. If you have a budget, go for it.
2) Primary and Secondary Temperature/Humidity Control to ensure a stable environment. Can get pretty hot in a Telecom room when AC is not working. Depending on your geo-location, you may or may not need this.
3) Raised Floor/Ceiling space to run cables. If budget allows, Cable Trays to run cables from one side of the room to another....could be done neatly and on a budget.
5) Position of Racks to ensure Accessibility....especially cable racks. You never know when you need to punchdown new cables and getting behind the little space behind a rack can be a pain. Make sure you can easily work around your server/cable racks.
6) Proper electrical grounding for all equipment. Ground the racks properly...equipment can thus be grounded via racks.
7) Physical separation of Electrical cabling and Data cabling as much as possible.
9) Physical Security to the room and building room is in. - Fire/Water Alarms. Temperature sensor if budget allows. Break-in protection...etc.
10) Position of Telephone - During remote support this can be a pain unless you have a cordless phone.
11) Consider how many people will be in room at same time.
Best way to start is plan a layout using some software. Position everything. AC/ UPS/ RACKS/ TELEPHONE/ PEOPLE IN ROOM.
Just some basic considerations....among others...
All the best!
Seem like they recommending it only for "critical vulnerabilities under active exploitation". For vulnerabilities where exploits increase as each day passes because of non-disclosure, I would want quick notification.
FTA and not quite in the summary:
“Our standing recommendation is that companies should fix critical vulnerabilities within 60 days — or, if a fix is not possible, they should notify the public about the risk and offer workarounds,” the two said in a blog post today. “We encourage researchers to publish their findings if reported issues will take longer to patch. Based on our experience, however, we believe that more urgent action — within seven days — is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised.”
"You can't make a program without broken egos."