Policy Code: 
Effective Date: 
Wednesday, June 22, 2016
Revision Date: 
Wednesday, June 22, 2016
Last Reviewed: 
Thursday, March 5, 2020
Version Control: 
This standard supersedes DT003-06.2 and DT001-04.3.


To provide a secure, stable, and supported operating system on all Network Connected Devices (NCDs) within the Enterprise.


  1. All NCD operating systems within the enterprise will support directory authentication as defined by EA Security standard SS005.2.
  2. All NCD operating systems will adhere to enterprise anti-virus requirements as defined by EA Security standard SS001.4.
  3. All NCD operating systems deployed in the enterprise shall be actively supported with patches and updates pertaining to the OS.
  4. All critical updates will be installed within 14 days of the release date on all NCDs.


NCD operating systems will provide a secure, stable, and supported platform.


This standard applies to all executive branch state agencies excluding the University Systems Office and other higher education institutions, i.e. campuses and agricultural and research centers.


Network Connected Devices (NCD):  A device on a network that provides computing resources to one or more end users. Devices include but are not limited to tablets, laptops, desktops, workstations, printers, multi-function printers, and mobile devices.

Active Support:  Active support is considered to be support that addresses relevant security vulnerabilities that are identified within the OS.  The entity providing the OS support shall maintain a concerted effort to address all security issues with patches and upgrades through an appropriate documented management process.

Critical Updates:  Any updates, excluding service packs or general OS updates, which the OS vendor defines as critical or security related.


Non-compliance with this standard shall be reported to the Office of the State Auditor.

Drafted By

Technology Architecture