Direction for Discontinued Use of Unsupported Microsoft Desktop Operating Systems on Government of Canada Networks

Note to readers

The Direction for Discontinued Use of Unsupported Microsoft Desktop Operating Systems on Government of Canada Networks ITPIN is no longer in effect. It was migrated to Appendix H: Standard on At-Risk Information Technology as of May 04, 2022.

Information Technology Policy Implementation Notice (ITPIN)

ITPIN No: 2015-04

Date:

The purpose of this ITPIN is to direct departments and agencies to discontinue the use of unsupported Microsoft desktop operating systems on Government of Canada (GC) networks.

This ITPIN is effective immediately and applies to all Government of Canada departments and agencies within the meaning of Schedules I, I.1 and II of the Financial Administration Act. Departments and agencies are expected to be in compliance with the requirements as set forth in this ITPIN by .

Background

Adversaries often target known vulnerabilities in unsupported operating systems. Security fixes and updates are no longer being provided to unsupported operating systems, so users are unable to patch their systems, making these hosts extremely vulnerable to compromise.

At this time, all versions of Microsoft operating systems prior to Windows Vista are unsupported by Microsoft. This includes, but is not limited to, Windows XP, Windows 2000, Windows 98, and Windows 95.

As stated in Treasury Board's Operational Security Standard: Management of Information Technology Security, Section 9.4, the department's Chief Information Officer is responsible for ensuring the effective and efficient management of the department's information and IT assets.

Direction

Departments and agencies are to discontinue the use of all devices using unsupported Microsoft desktop operating systems from the GC networks or the Internet by . Exemptions to this directive will not be provided.

Devices using unsupported Microsoft desktop operating systems that are required to meet operational needs after are to be isolated and contained within a tightly controlled network environment with no access to GC networks or the Internet.

Operating unsupported desktop operating system devices in isolation zones is to be considered a temporary measure, and the rationale and operating strategy are to be submitted to Treasury Board Secretariat's Chief Information Officer Branch (CIOB) each year as part of the IT Risk section in the annual departmental IT Plan.

Departmental Chief Information Officers or equivalents are directed to put in place active measures to ensure that access to GC networks by unsupported desktop operating systems is denied. These measures are to include utilization of network access control, profilers, scanners and tools to detect devices using unsupported Windows desktop operating systems.

Please address any inquiries you may have by email to the CIOB IT Division.

Marc Brouillard
Chief Technology Officer of the Government of Canada
Chief Information Officer Branch
Treasury Board of Canada Secretariat