In order to ensure the security of the Florida Institute of Technology network, software products such as Operating Systems need to be kept up to date with the latest security patches to protect against vulnerabilities. Operating Systems that are no longer maintained by their manufacturers lack the most recent security updates and enhancements.
This policy outlines the requirement that all Operating Systems on the Florida Institute of Technology network must be currently supported by their manufacturer.
This policy applies to all devices connected to the Florida Institute of Technology network, and all users of the Florida Institute of Technology network services.
Devices with operating systems that are no longer supported by their manufacturer are not allowed to connect to the Florida Institute of Technology network without explicit approval by the Florida Institute of Technology IT department. Out of date operating systems are susceptible to many critical security vulnerabilities and many of those vulnerabilities might not be public. Running devices with such operating systems put the university at an increased risk for compromise.
If an application requires an unsupported operating system, that application may be executed on a device with an unsupported operating system as long as that device is not in any way connected to the university network.
In most cases, placing a device running an unsupported operating system behind a firewall is not sufficient to mitigate associated risks.
Some examples of unsupported operating systems that may not be used on the university network without approval include, but are not limited to, the following:
The websites of operating system providers should provide information on whether or not a specific operating system is currently supported.
Printers, and network infrastructure devices such as routers, switches and bridges are exempt from this policy unless a security related issue has been identified in the device. The Information Security Officer regularly researches newly discovered vulnerabilities and will be able to inform users of vulnerable devices about updates, provided the Information Security Officer is supplied with the device make, model and the campus contact information for the user of the device.
Devices determined to be running unsupported operating systems will be disabled from accessing the network until the operating system is upgraded to a supported version, or an exception is approved by the IT Department. Consistent willful violation of this policy will be subject to whatever penalties the university administration deems appropriate.
|Date||Revised By||Approved By||Approval Date||Effective Date|
|February 1, 2007||James Cooley||Information Technology Executive Committee (ITEC)||02/8/2007||02/8/2007|
|June 28, 2010||Jennifer Charron||Information Technology Executive Committee (ITEC)||00/00/0000||
|November 17, 2011||Jennifer Charron||Information Technology Executive Committee (ITEC)||
|March 11, 2014||Jennifer Charron||Information Technology Executive Committee (ITEC)|
|July 21, 2014||Jennifer Charron||Information Technology Executive Committee (ITEC)||07/22/2014|
|March 21, 2007||James Cooley|
|October 3, 2007||James Cooley|
|April 16, 2008||James Cooley|
|December 3, 2008||James Cooley|