Device Operating System (OS) Compliance Requirements

Vulnerabilities are discovered frequently in software and they put your computer, data and the enterprise at risk. In order to stay secure and compliant with Mass General Brigham policies, make sure that you are running a current, supported Operating System (OS) and that your software applications are up to date. See below the table for a list of policies.

Devices connecting to the Mass General Brigham network will be checked for compliance with security requirements by the Network Access Control (NAC) tool. According to policy, all non-compliant, compromised or infected devices will be removed from the network. See below to read more about NAC at Mass General Brigham.

OS/Device

Minimum Supported Version

Self Service Instructions

Support / Contact

Windows Computer  

IS Service Desk 857-282-HELP

     Standard * Win10 1909 or above No action (these are managed by IS)
     Non-standard KB0031028
     Personal KB0031028
Macintosh Computer macOS Catalina 10.15 or above  KB0037831
iOS or iPadOS  iOS or iPad OS 13 or above  KB0014183
Android 9 or above KB0033128
Windows Server
     Hosted in the data center 2012 or above No action (these are managed by IS)
     Not hosted in the data center Contact the IS Service Desk to determine next steps.
Linux Server
     Hosted in the data center CentOS 7 or above No action (these are managed by IS)
     Not hosted in the data center Contact the IS Service Desk to determine next steps.

Policies

EISP-12.4: IT Acquisition, SDLC and Maintenance Policy

EISS-12a.3: Enterprise IT Acquisition, SDLC and Maintenance Standards: General Use IT Systems

More about NAC

Mass General Brigham (MGB) is committed to providing a consistent computing experience across all devices used at work to assure productive, stable and secure computers (Windows PCs, Apple Macs, smartphones and tablets). Network Access Control (NAC) is a component of the overall effort with a focus on strengthening the security of our environment. 

Network Access Control (NAC) checks devices connecting to the Mass General Brigham computer network for compliance with specific security policies. The current agent used at Mass General Brigham is ForeScout SecureConnector.

ForeScout SecureConnector is installed on most Mass General Brigham standard Windows workstations and some PEAS-enrolled Macs. Mobile devices, such as phones or tablets, and Linux * computers are exempt at this time.

The attached list of Operation Systems (OS) are no longer supported by Mass General Brigham and therefore, not supported by ForeScout SecureConnector. 

* HOWTO: Determine whether you are using a standard or non-standard computer

Obsolete_OS_102821.xlsx

Go to KB0039035 in the IS Service Desk