Resources
Use Compensating Controls for Windows 7 End of Life
Identify
- Identify data class, security level, use case for each device involved so that decisions on security controls are appropriate (e.g. device not used for browsing in addition to primary function).
- Unit requests 1 exception to cover the whole population with plan to manage, unless there is significant variation in security levels.
- Tracks migration plan with regular check-ins.
Protect
- Device is physically secured (locked or non-public space).
- Unit maintains device segmentation (behind a default deny firewall or proxy).
- Unit communicates security awareness to users (possibly with acknowledgement form).
- In the event a system becomes highly vulnerable to a specific security risk, an upgrade may be required regardless of exception status.
Respond
- Unit notifies University Information Security ([email protected]) and IT of changes to use case/security level.
- In the event a system is compromised, an upgrade may be required regardless of exception status.
More Information
University Policies
Exception to Policy
Intended Audiences
Students
Instructors
Researchers
Staff & Departments
Health Sciences Affiliates
IT Staff and Partners