Operating Systems (updated 3/22/23)

ISO Position Paper

Position Title: Operating Systems

Position Audience: Princeton University Community

Contact: Information Security Office: [email protected]

Position Release Date: August 1, 2019

Last update: March 22, 2023

Problem Statement

Like all software, operating systems (OS) have a life cycle. Vendors will release security updates throughout the supported period and eventually end their support for an OS version. Once support ends, additional security updates are no longer provided rendering the OS insecure. This applies to all operating systems. The most common are Microsoft Windows, Apple Mac OS, the various versions of Linux, Apple iOS, and Google Android.

ISO Position

Computers and mobile devices connecting to the University network must utilize a vendor-supported operating system and must have all relevant security updates applied within 30 days of release. Computers and mobile devices running an obsolete, out-of-support, or unpatched operating system cannot be used for University work. They should not be placed on the University network, nor should they be allowed to connect via the University’s VPN service. These devices put the University’s information security at significant risk.

Data classification: Public