Purpose
To provide a secure, stable, and supported operating system on all Network Connected Devices (NCDs) within the Enterprise.
Standard
- All NCD operating systems within the enterprise will support directory authentication as defined by EA Security standard SS005.2.
- All NCD operating systems will adhere to enterprise anti-virus requirements as defined by EA Security standard SS001.4.
- All NCD operating systems deployed in the enterprise shall be actively supported with patches and updates pertaining to the OS.
- All critical updates will be installed within 14 days of the release date on all NCDs.
Definition
Network Connected Devices (NCD) - A device on a network that provides computing resources to one or more end users. Devices include but are not limited to tablets, laptops, desktops, workstations, printers, multi-function printers, and mobile devices.
Active Support - Active support is considered to be support that addresses relevant security vulnerabilities that are identified within the OS. The entity providing the OS support shall maintain a concerted effort to address all security issues with patches and upgrades through an appropriate documented management process.
Critical Updates - Any updates, excluding service packs or general OS updates, which the OS vendor defines as critical or security related.
Policy
NCD operating systems will provide a secure, stable, and supported platform.
Scope
This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.
Statement of Commitment
North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).
Non-Compliance
Non-compliance with this standard shall be reported to the Office of the State Auditor.