Asset Retention
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- Retention as a requirement-driven decision
- Legal hold and defensible disposal
- End-of-life, end-of-support, and unsupported components
- Exam-pattern recognition
End-of-life vs end-of-support: what changes and what the leader does
| Aspect | End-of-Life (EOL) | End-of-Support (EOS) |
|---|---|---|
| What the vendor stops | Selling and active feature development of the product | Issuing security patches, updates, and fixes |
| Security impact | Low on its own: the product still gets patches for a time | High: new vulnerabilities are never fixed; exposure widens over time |
| The date to manage against | Useful for planning the migration runway | The hard deadline: cross it unmanaged and the asset is unpatchable |
| Primary response | Plan replacement / migration before EOS arrives | Replace, or provide alternative support; else isolate + compensating controls (SA-22) |
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
References
- NIST SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations (SI-12 Information Management and Retention; SA-22 Unsupported System Components) Whitepaper
- NIST SP 800-88 Rev. 1: Guidelines for Media Sanitization (clear/purge/destroy; cross-reference for disposal execution) Whitepaper
- Microsoft Lifecycle FAQ: Fixed vs Modern Lifecycle Policy (defined end-of-support dates)