Device Operating System (OS) Compliance Requirements

Vulnerabilities are discovered frequently in software and they put your computer, data and the enterprise at risk. In order to stay secure and compliant with Mass General Brigham policies, make sure that you are running a current, supported Operating System (OS) and that your software applications are up to date. See below the table for a list of policies.

Devices connecting to the Mass General Brigham network will be checked for compliance with security requirements by the Network Access Control (NAC) tool. According to policy, all non-compliant, compromised or infected devices will be removed from the network. See below to read more about NAC at Mass General Brigham.

OS/Device

Minimum Supported Version

Self Service Instructions

Support / Contact

Windows Computer  

Digital Service Desk
857-282-HELP

     Standard *

Win10 22H2 or above, Win 11 22H2 or above

No action (these are managed by Digital)
     Non-standard KB0031028
     Personal KB0031028
Macintosh Computer (MAC) MacOS 13 or above  KB0037831
iOS or iPadOS  iOS or iPad OS 16 or above  KB0014183
Android 12 or above KB0033128
Windows Server
     Hosted in the data center 2016 or above No action (these are managed by Digital)
     Not hosted in the data center Contact the Digital Service Desk to determine next steps.
Linux Server
     Hosted in the data center CentOS 7 or above No action (these are managed by Digital)
     Not hosted in the data center Contact the Digital Service Desk to determine next steps.

 

Policies 

EISP 1.2: Enterprise Information Security Policy

EISS-12a.4: Enterprise IT Acquisition, SDLC and Maintenance Standards: General Use IT Systems

More about NAC

Mass General Brigham (MGB) is committed to providing a consistent computing experience across all devices used at work to assure productive, stable and secure computers (Windows PCs, Apple Macs, smartphones and tablets). Network Access Control (NAC) is a component of the overall effort with a focus on strengthening the security of our environment. 

Network Access Control (NAC) checks devices connecting to the Mass General Brigham computer network for compliance with specific security policies. The current agent used at Mass General Brigham is ForeScout SecureConnector.

ForeScout SecureConnector is installed on most Mass General Brigham standard Windows workstations and some PEAS-enrolled Macs. Mobile devices, such as phones or tablets, and Linux * computers are exempt at this time.

The attached list of Operating Systems (OS) are no longer supported by Mass General Brigham and therefore, not supported by ForeScout SecureConnector. 

* HOWTO: Determine whether you are using a standard or non-standard computer

Go to KB0039035 in the IS Service Desk