Critical Updates Policy

Critical Updates are defined as OS-level patches which are necessary to keep the operating system itself as secure and problem-free as possible. Computer Systems on the UCAR network must have critical updates available for them; or they must exist on a guest or private network instead. Critical Updates for Windows systems on the CIT domain are provided through a service called "Windows Update Service". They can also be dowloaded and applied using Internet Explorer at the site

Patches for  Linux systems are provided by a service called "yum" which runs nightly and applies patches found on ACD's yum server.

Patches for Macintosh systems are provided through the Software Update applet which is run from System Preferences.

The following policies are designed to ensure that all computer systems on the UCAR network are patched and up to date, minimizing their risk to the security of the network at large.

  • Emergency Patches may be required by the UCAR security administrator who will also determine the time frame by which those patches must be applied. Exceptions are allowed, but they must be approved by the UCAR security administrator and the ACD Primary Sysadmins. Exceptions are merely extensions -- in almost all cases, a security-critical emergency patch will eventually be required.
  • New critical patches must be applied within a week of release. For systems on yum or Windows Update Service, this will be automatic. For other systems, the primary user must manually scan for new critical patches and apply them.
  • Machines which do not have a current set of patches (within a week of release or where an extension has been granted) may not be attached to the UCAR network until those patches have been applied.
  • Machines on guest or private networks are exempt from these patch requirements. However it is strongly recommended that even these machines get any critical updates which may be avaialable to them.




ACOM | Atmospheric Chemistry Observations & Modeling