Lifecycle Resources
Reference material, sourced. Not a blog.
Dates are on the vendor pages. This is everything else. Terminology decoder, compliance impact, post-EoL security exposure. Content you'd otherwise assemble from a dozen vendor PDFs and regulatory texts.
-
Vendor Lifecycle Terminology
What each vendor calls each milestone. Cisco's End of Software Maintenance is not Juniper's End of Software Engineering is not HPE Aruba's End of Software Support. Cross-reference with citations.
-
Compliance and Insurance Impact
What PCI-DSS 6.3.3, HIPAA 164.308, and NIST SP 800-53 SA-22 actually say about unsupported systems. Plus how cyber-insurance underwriters treat EoL hardware. Clause-level citations.
-
Post-EoL Security Exposure
Devices past their security-support date that are named in CISA's Known Exploited Vulnerabilities catalog. Per-vendor totals, specific SKUs, CVE-level drill-in on each product page.
-
CISA BOD 26-02
Federal directive on end-of-support edge devices, issued 2026-02-05. Inventory deadline 2026-05-05, decommissioning waves through 2028. Verbatim CISA quotes plus a cross-reference to our catalog of currently-EoS/EoL products from the commonly-named vendors.
-
NY DFS §500.13
New York's cybersecurity regulation for financial-services covered entities. §500.13(a)(1)(iv) names "support expiration date" as a required asset-inventory field, effective 2025-11-01. Verbatim regulation text and dfs.ny.gov citations.
-
PCI-DSS Requirement 12.3.4
Annual review of hardware and software at vendor end-of-support. Required since 2025-03-31. Distinct from Requirement 6.3.3 (patch SLA). Verbatim quotes from the publicly-available PCI SSC Summary of Changes; standard text is paywalled.
-
Guides
Short reference articles. What EOL means, how it differs from EOS, the security implications, compliance requirements, how to audit your inventory. Written for engineers, not search engines.