Use Compensating Controls for Windows 2008 End of Life

 

Timeline for Microsoft Windows 7 end of life and compensating controls

Identify

  • Already accomplished and tracked via Trello.
  • OIT Microsoft Platform Team (MPT) and project team tracks migration plan with regular check-ins with unit.

Protect

  • Unit maintains device segmentation.
  • Device must be behind a default deny firewall or proxy.
  • Authorized access is limited to only needed accounts.
  • Unit communicates security awareness to users (possibly with acknowledgement form).
  • In the event a system becomes highly vulnerable to an unpatchable security risk, the device will be disconnected from the network. An upgrade will be required regardless of exception status.

Respond

  • Unit notifies University Information Security ([email protected]) and OIT of changes to use case/security level.
  • Unit notifies University Information Security ([email protected])  and OIT of any changes to its retirement plan. For example, change of retirement dates and why.
  • In the event a system is compromised, an upgrade will be required regardless of exception status.

More Information

University Policies

 

Exception to Policy

Intended Audiences

IT Staff and Partners

Additional Resources

Policies and Guidance for Information Security
Risk Management for Information Security
University Information Security