IT-1005 Unsupported Operating Systems

Effective Date: 2015-04-22

1.0 Overview

In order to ensure the security of the Florida Institute of Technology network, software products such as Operating Systems need to be kept up to date with the latest security patches to protect against vulnerabilities. Operating Systems that are no longer maintained by their manufacturers lack the most recent security updates and enhancements.

2.0 Purpose

This policy outlines the requirement that all Operating Systems on the Florida Institute of Technology network must be currently supported by their manufacturer.

3.0 Scope

This policy applies to all devices connected to the Florida Institute of Technology network, and all users of the Florida Institute of Technology network services.

4.0 Policies

Devices with operating systems that are no longer supported by their manufacturer are not allowed to connect to the Florida Institute of Technology network without explicit approval by the Florida Institute of Technology IT department. Out of date operating systems are susceptible to many critical security vulnerabilities and many of those vulnerabilities might not be public. Running devices with such operating systems put the university at an increased risk for compromise.

If an application requires an unsupported operating system, that application may be executed on a device with an unsupported operating system as long as that device is not in any way connected to the university network.

In most cases, placing a device running an unsupported operating system behind a firewall is not sufficient to mitigate associated risks.

Some examples of unsupported operating systems that may not be used on the university network without approval include, but are not limited to, the following:

  • Microsoft Windows 95, 98, ME, NT, 2000, ME and XP
  • Microsoft CE version 6 and earlier
  • Redhat Linux 1.0 - 9.0
  • Redhat Enterprise Linux AS/ES/WS v.3 and earlier
  • IBM OS/2 - All Versions
  • SUSE Linux 11.2 and earlier
  • openSUSE Linux 12.2 and earlier (12.3 end of life 9/15/14)
  • Mandrake Linux 10.2 and earlier (* Now Mandriva)
  • Mandriva Linux 2011 and earlier
  • Mandriva Enterprise Server 5 and Corporate Server 4.0 and earlier
  • Fedora Core 6 and earlier
  • Fedora Linux 18 and earlier
  • Debian Linux 6.0 and Earlier
  • Ubuntu Linux 13.10 and earlier (click here for current version end dates)
  • Sun Solaris OS 5.7 and Earlier
  • Oracle Solaris 9 and earlier
  • Apple MacOS X Snow Leopard and earlier
  • CentOS Version 4 and earlier

The websites of operating system providers should provide information on whether or not a specific operating system is currently supported.

Printers, and network infrastructure devices such as routers, switches and bridges are exempt from this policy unless a security related issue has been identified in the device. The Information Security Officer regularly researches newly discovered vulnerabilities and will be able to inform users of vulnerable devices about updates, provided the Information Security Officer is supplied with the device make, model and the campus contact information for the user of the device.

5.0 Enforcement

Devices determined to be running unsupported operating systems will be disabled from accessing the network until the operating system is upgraded to a supported version, or an exception is approved by the IT Department. Consistent willful violation of this policy will be subject to whatever penalties the university administration deems appropriate.

6.0 Revisions

DateRevised ByApproved ByApproval DateEffective Date
February 1, 2007 James Cooley Information Technology Executive Commitee (ITEC) 02/8/2007 02/8/2007
June 28, 2010 Jennifer Charron Information Technology Executive Commitee (ITEC) 00/00/0000

00/00/0000

November 17, 2011 Jennifer Charron Information Technology Executive Commitee (ITEC)  

 

 

March 11, 2014 Jennifer Charron Information Technology Executive Commitee (ITEC)    
July 21, 2014 Jennifer Charron Information Technology Executive Commitee (ITEC)    07/22/2014

History of example updates:

Date Revised By
March 21, 2007 James Cooley
October 3, 2007 James Cooley
April 16, 2008 James Cooley
December 3, 2008 James Cooley