Operating Systems Current Versions

Division: 

Administration and Finance

Department: 

Information Technology Services

Contact Information: 

Nish Malik / Associate Vice President and Chief Information Officer, Information Technology Services / (415) 405-4105 / nish@sfsu.edu

Effective Date: 

Friday, May 9, 2014

Revised Date: 

Thursday, June 5, 2014

Authority: 


Objective: 

The purpose of this Practice Directive is to ensure devices are running operating systems that can be maintained securely to comply with CSU and SF State regulations regarding security of information, and to protect SF State Confidential data.


Statement: 

Purpose & Scope

The purpose of this Practice Directive is to ensure devices are running operating systems that can be maintained securely to comply with CSU and SF State regulations regarding security of information, and to protect SF State Confidential data.

Practice Directive & Appropriate Use

  • Operating systems that are officially supported by the manufacturer or open source community and have no industry-recognized security vulnerabilities can be used to access SF State Confidential Data and the university network.
  • Operating systems that have been officially dropped from supported status by the manufacturer or open source community and/or have industry-recognized security vulnerabilities must be retired, upgraded, or disconnected from the network.
  • Most manufacturers provide support for last two-three versions of their operating systems. All users should plan to proactively update/upgrade their operating system before it is unsupported.
  • All departments and units must follow SF State’s Practice Directive on Patch Management and procedures in conformance with change control policies.
  • Division of Information Technology (DoIT) reserves the right to turn off, with or without notice; any device connected to the network that it deems may put the university's systems, data, and users at risk or interfere with the operation of the university’s network.
  • Any significant changes to this  Practice Directive will be discussed in advance with the appropriate campus constituencies. Updates to these guidelines will be coordinated with changes in vendor support polices, software upgrades, and/or releases of new products.

Implementation

Responsibility for implementing this Practice Directive will rest with Division of Information Technology (DoIT) and Information Technology departments across campus.

Non-Compliance

Noncompliance with applicable policies and/or practices may result in removal of access to sensitive data and suspension of network access privileges. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.