ISO Position Paper

Position Title: Software & Operating Systems

Position Audience: Princeton University Community

Contact: Information Security Office: [email protected]

Position Release Date: August 1, 2019

Last update: October 2, 2023

Problem Statement

Software and operating systems (OS) have a life cycle. Vendors will release security updates throughout the supported period and eventually end their support for software or an OS version. Once support ends, additional security updates are no longer provided rendering the software or OS insecure. This applies to all software and operating systems. The most common operation systems are Microsoft Windows, Apple Mac OS, the various versions of Linux, Apple iOS, and Google Android.

ISO Position

Computers and mobile devices connecting to the University network must utilize vendor-supported software and operating systems and must have all relevant security updates applied within 30 days of release. Computers and mobile devices running an obsolete, out-of-support, or unpatched software or operating system cannot be used for University work. They should not be placed on the University network, nor should they be allowed to connect via the University’s VPN service. These devices put the University’s information security at significant risk.

Data classification: Public