Use Compensating Controls for Windows 7 End of Life

 

 

Timeline for Microsoft Windows 7 end of life and compensating controls

Identify

  • Identify data class, security level, use case for each device involved so that decisions on security controls are appropriate (e.g. device not used for browsing in addition to primary function).
  • Unit requests 1 exception to cover the whole population with plan to manage, unless there is significant variation in security levels.
  • Tracks migration plan with regular check-ins.

Protect

  • Device is physically secured (locked or non-public space).
  • Unit maintains device segmentation (behind a default deny firewall or proxy).
  • Unit communicates security awareness to users (possibly with acknowledgement form).
  • In the event a system becomes highly vulnerable to a specific security risk, an upgrade may be required regardless of exception status.

Respond

  • Unit notifies University Information Security ([email protected]) and IT of changes to use case/security level.
  • In the event a system is compromised, an upgrade may be required regardless of exception status.