Direction for Discontinued Use of Unsupported Microsoft Desktop Operating Systems on Government of Canada Networks

Information Technology Policy Implementation Notice (ITPIN)

ITPIN No: 2015-04

Date:

The purpose of this ITPIN is to direct departments and agencies to discontinue the use of unsupported Microsoft desktop operating systems on Government of Canada (GC) networks.

This ITPIN is effective immediately and applies to all Government of Canada departments and agencies within the meaning of Schedules I, I.1 and II of the Financial Administration Act. Departments and agencies are expected to be in compliance with the requirements as set forth in this ITPIN by .

Background

Adversaries often target known vulnerabilities in unsupported operating systems.  Security fixes and updates are no longer being provided to unsupported operating systems, so users are unable to patch their systems, making these hosts extremely vulnerable to compromise.

At this time, all versions of Microsoft operating systems prior to Windows Vista are unsupported by Microsoft.  This includes, but is not limited to, Windows XP, Windows 2000, Windows 98, and Windows 95.

As stated in Treasury Board's Operational Security Standard: Management of Information Technology Security, Section 9.4, the department's Chief Information Officer is responsible for ensuring the effective and efficient management of the department's information and IT assets.

Direction

Departments and agencies are to discontinue the use of all devices using unsupported Microsoft desktop operating systems from the GC networks or the Internet by . Exemptions to this directive will not be provided.

Devices using unsupported Microsoft desktop operating systems that are required to meet operational needs after are to be isolated and contained within a tightly controlled network environment with no access to GC networks or the Internet.

Operating unsupported desktop operating system devices in isolation zones is to be considered a temporary measure and the rationale and operating strategy is to be submitted to Treasury Board Secretariat's Chief Information Officer Branch (CIOB) each year as part of the IT Risk section in the annual departmental IT Plan.

Departmental Chief Information Officers or equivalents are directed to put in place active measures to ensure that access to GC networks by unsupported desktop operating systems is denied. These measures are to include utilization of network access control, profilers, scanners and tools to detect devices using unsupported Windows desktop operating systems.

References

Additional information may be found in the following resources:

Please address any inquiries you may have by email to the CIOB IT Division.

Marc Brouillard
Chief Technology Officer of the Government of Canada
Chief Information Officer Branch
Treasury Board of Canada Secretariat
Report a problem or mistake on this page
Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: