YALE-MSS-5.3: Run supported software and operating systems

Standards Group:
YALE-MSS-5: Software Security

YALE-MSS-5.3: Run supported software and operating systems

Low Risk Endpoint Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Required Moderate Risk Mobile Device Required High Risk Mobile Device Required Low Risk Network Printer Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

Supported software, whether an application or operating system (OS), is that for which security updates are still available. Support could come from a manufacturer (e.g., Apple, Microsoft) or an open-source project. When software reaches the end of its lifecycle, technical support, bug fixes, and security patches also cease.

Unsupported operating systems are wide-open doors for hackers and cyber attacks. When operating systems reach their end of life (i.e. are no longer supported), they no longer provide:

  • technical support for issues
  • bug fixes for issues that are discovered
  • security fixes for vulnerabilities that are discovered

Vendors and software projects normally provide advance notice of when their application or OS will go out of support. These dates should be used to plan for upgrading or replacing software before it reaches end-of-life. Note that this may require replacing hardware to run a newer application or OS.