Security Wiki

IASME Security Update  (Cyber Essentials)

Written by Craig Pepper | Sep 30, 2025 11:26:55 AM

This page summarises the key operating system (OS) and end-user device (EUD) support updates highlighted in the latest IASME webinar. These updates are particularly important for maintaining Cyber Essentials and Cyber Essentials Plus compliance, as running unsupported software is a common cause of certification failure.

Windows Updates

  • Windows 10 22H2 (All Editions)

    • End of Life (EOL): 14 October 2025

    • After this date, all Windows 10 22H2 devices will require extended support agreements to remain compliant.

    • Cyber Essentials impact: Devices without extended support will be deemed unsupported and non-compliant.

    • Action: Begin upgrade planning or ensure extended support is in place.

  • Windows 11 23H2 (Home, Pro editions)

    • End of Life (EOL): 11 November 2025

    • After this date, extended support confirmation is required for Cyber Essentials compliance.

    • Action: Upgrade to newer Windows 11 builds (e.g., 24H2) before expiry.

Apple macOS Updates

IASME considers the following macOS versions as supported:

  • Tahoe 26

  • Sequoia 15.7

  • Sonoma 14.8

Cyber Essentials impact: Running these supported versions ensures compliance. Devices on older macOS releases (e.g., Monterey or earlier) must be updated or decommissioned.

Mobile Devices

Apple iOS / iPadOS

Currently supported versions under Cyber Essentials:

  • iOS / iPadOS 26

  • iOS / iPadOS 18.7

  • iPadOS 17.7.10

  • iOS / iPadOS 16.7.12

Note: iOS 17 is not considered supported since no updates have been released in almost a year.
Cyber Essentials impact: Devices running iOS 17 will be marked non-compliant.

Android

Supported versions are:

  • Android 16

  • Android 15

  • Android 14

  • Android 13

Cyber Essentials impact: Devices running below Android 13 are considered unsupported and will cause compliance failures.

Key Takeaways for Cyber Essentials

  1. Unsupported OS = Automatic Non-Compliance
    Devices running operating systems beyond their vendor support window are not permitted under Cyber Essentials.

  2. Extended Support Must Be Proven
    If using extended support (e.g., for Windows 10 22H2), organisations must be able to evidence coverage during Cyber Essentials audits.

  3. Mobile Device Management
    Regular checks are essential to ensure all iOS/iPadOS and Android devices are on supported versions.

  4. Audit and Decommissioning
    Unsupported systems should be upgraded, replaced, or fully removed from scope to maintain certification.

Recommended Actions (for Cyber Essentials compliance)

  • Audit your EUD estate (Windows, macOS, iOS/iPadOS, Android).

  • Identify any devices approaching EOL.

  • Put plans in place for upgrades or confirm extended support.

  • Remove or replace devices that cannot be updated.

  • Keep evidence of support status (vendor links, extended support contracts) ready for your Cyber Essentials assessor.

 
View full post