Policy Code: 
ST020
Effective Date: 
Wednesday, June 22, 2016
Revision Date: 
Wednesday, June 22, 2016
Last Reviewed: 
Thursday, October 12, 2017
Version Control: 
This standard supersedes DT003-06.2 and DT001-04.3.

Purpose

To provide a secure, stable, and supported operating system on all Network Connected Devices (NCDs) within the Enterprise.

Standard

  1. All NCD operating systems within the enterprise will support directory authentication as defined by EA Security standard SS005.2.
  2. All NCD operating systems will adhere to enterprise anti-virus requirements as defined by EA Security standard ST001-04.2.
  3. All NCD operating systems deployed in the enterprise shall be actively supported with patches and updates pertaining to the OS.
  4. All critical updates will be installed within 14 days of the release date on all NCDs.

Policy

NCD operating systems will provide a secure, stable, and supported platform.

Applicability

This standard applies to all executive branch state agencies excluding the University Systems Office and other higher education institutions, i.e. campuses and agricultural and research centers.

Definition

Network Connected Devices (NCD):  A device on a network that provides computing resources to one or more end users. Devices include but are not limited to tablets, laptops, desktops, workstations, printers, multi-function printers, and mobile devices.

Active Support:  Active support is considered to be support that addresses relevant security vulnerabilities that are identified within the OS.  The entity providing the OS support shall maintain a concerted effort to address all security issues with patches and upgrades through an appropriate documented management process.

Critical Updates:  Any updates, excluding service packs or general OS updates, which the OS vendor defines as critical or security related. 

Non-Compliance

Non-compliance with this standard shall be reported to the Office of the State Auditor.

Drafted By

Technology Architecture