Administration and Finance
Information Technology Services
Nish Malik / Associate Vice President and Chief Information Officer, Information Technology Services / (415) 405-4105 / firstname.lastname@example.org
Friday, May 9, 2014
Thursday, October 21, 2021
The purpose of this policy is to ensure that university owned endpoints, servers, and network-connected devices, excluding Internet of Things (IOT) devices, are running operating systems which can be updated to address cybersecurity vulnerabilities.
Responsibility for implementing this policy will rest with the appropriate functional campus areas. The ITS Information Security Office is responsible for periodically auditing the SF State network for outdated operating systems and working with the functional campus areas to put in place risk acceptance documents for assets with non-supported operating systems that must remain on the network for more than 60 days after support ends.
Submit any apparent violation of this policy to the appropriate administrative authority (vice president, dean, director, department, or program chair) or to email@example.com.
Noncompliance with applicable policies may result in suspension of network access privileges. Campus functional areas hosting critical services that cannot be migrated quickly must file a risk acceptance form with the Security Team. In addition, disciplinary action may be applicable under other University policies, guidelines, implementing procedures, or collective bargaining agreements.