IT-1005 Unsupported Operating Systems
Effective Date Jan 1, 2018
In order to ensure the security of the Florida Institute of Technology network, software products such as Operating Systems need to be kept up to date with the latest security patches to protect against vulnerabilities. Operating Systems that are no longer maintained by their manufacturers lack the most recent security updates and enhancements.
This policy outlines the requirement that all Operating Systems on the Florida Institute of Technology network must be currently supported by their manufacturer.
This policy applies to all devices connected to the Florida Institute of Technology network, and all users of the Florida Institute of Technology network services.
Devices with operating systems that are no longer supported by their manufacturer are not allowed to connect to the Florida Institute of Technology network without explicit approval by the Florida Institute of Technology IT department. Out of date operating systems are susceptible to many critical security vulnerabilities and many of those vulnerabilities might not be public. Running devices with such operating systems put the university at an increased risk for compromise.
If an application requires an unsupported operating system, that application may be executed on a device with an unsupported operating system as long as that device is not in any way connected to the university network.
In most cases, placing a device running an unsupported operating system behind a firewall is not sufficient to mitigate associated risks.
Some examples of unsupported operating systems that may not be used on the university network without approval include, but are not limited to, the following:
- Microsoft Windows 95, 98, ME, NT, 2000, ME, XP and Vista
- Microsoft CE version 6 and earlier
- Redhat Linux 1.0 - 9.0
- Redhat Enterprise Linux AS/ES/WS v.4 and earlier
- IBM OS/2 - All Versions
- SUSE Linux 11.2 and earlier
- openSUSE Linux 13.2 and earlier, openSUSE Leap 42.2 and earlier
- Mandrake Linux 10.2 and earlier (* Now Mandriva)
- Mandriva Linux 2011 and earlier
- Mandriva Enterprise Server 5 and Corporate Server 4.0 and earlier
- Fedora Core 6 and earlier
- Fedora Linux 23 and earlier
- Debian Linux 6.0 and Earlier (Debian 7 EOL May 31, 2018)
- Ubuntu Linux 17.04 and earlier (view the current version end dates)
- Sun Solaris OS 5.7 and Earlier
- Oracle Solaris 9 and earlier
- Apple MacOS X Yosemite and earlier
- CentOS Version 5 and earlier
The websites of operating system providers should provide information on whether or not a specific operating system is currently supported.
Printers, and network infrastructure devices such as routers, switches and bridges are exempt from this policy unless a security related issue has been identified in the device. The Information Security Officer regularly researches newly discovered vulnerabilities and will be able to inform users of vulnerable devices about updates, provided the Information Security Officer is supplied with the device make, model and the campus contact information for the user of the device.
Devices determined to be running unsupported operating systems will be disabled from accessing the network until the operating system is upgraded to a supported version, or an exception is approved by the IT Department. Consistent willful violation of this policy will be subject to whatever penalties the university administration deems appropriate.
|Date||Revised By||Approved By||Approval Date||Effective Date|
|February 1, 2007||James Cooley||Information Technology Executive Committee (ITEC)||02/8/2007||02/8/2007|
|June 28, 2010||Jennifer Charron||Information Technology Executive Committee (ITEC)||00/00/0000||
|November 17, 2011||Jennifer Charron||Information Technology Executive Committee (ITEC)||
|March 11, 2014||Jennifer Charron||Information Technology Executive Committee (ITEC)|
|July 21, 2014||Jennifer Charron||Information Technology Executive Committee (ITEC)||07/22/2014|
History of example updates:
|March 21, 2007||James Cooley|
|October 3, 2007||James Cooley|
|April 16, 2008||James Cooley|
|December 3, 2008||James Cooley|