[Micronet] MSS exception requests for unsupported operating systems

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] MSS exception requests for unsupported operating systems

Allison Henry
In December 2009, System and Network Security released the following
information about legacy operating systems and compliance with campus
Minimum Security Standards (MSS):

http://inews.berkeley.edu/articles/Jan-Feb2010/MSSND-compliance

At their April 2010 meeting, the Campus Information Security and Privacy
Committee (CISPC) decided that all devices running an operating system
no longer supported by the vendor for security updates must have an MSS
exception request. This includes:

 * Mac OS X 10.4 (unsupported as of November 2009)
 * Windows 2000 Server and Workstation (unsupported as of July 13 2010)
 * Windows XP Service Pack 2 (unsupported as of July 13 2010)

If you are responsible for a host running an unsupported operating
system, please review the following guidelines for submitting your MSS
exception request:

* Group hosts within your departments running the same operating system
into a single request, using the "Complex Request" option on the MSS
exception website: https://security.berkeley.edu/MinStdsException.html

* Detail any measures taken to mitigate the vulnerability, such as
disabling vulnerable services, restricting access with firewalls,
limiting user accounts, using strong passwords, etc.

* Mac OS X workstations running 10.4 will be granted exceptions provided
that firewalls are blocking vulnerable services and the workstation is
not used for restricted data.

* Exceptions are granted for a period of no more than one year; after
that time an extension may be requested.

* MSS exceptions for unsupported operating systems may be withdrawn by
the CISPC if new and serious security threats emerge.

Please contact [hidden email] if you have any additional
questions about submitting an MSS exception. Thank you,

--
Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.