Windows 10 End of Life Support: Why It Matters for CMMC and What to Do Next
Learn why upgrading from Windows 10 to Windows 11 is crucial for maintaining compliance with CMMC and NIST SP 800-171 and ensuring security.
Summit 7 is committed to ensuring the systems we manage remain secure, reliable, and compliant with all relevant regulations. Microsoft is ending support for Windows 10 in October 2025, so Summit 7 is recommending everyone upgrade to the latest supportable version.
This technical bulletin will address the importance of upgrading Microsoft Windows 10 to Windows 11.
This upgrade is crucial for maintaining security best practices and compliance with CMMC and NIST SP 800-171 through the timely application of security patches.
Compliance Risk
While multiple controls in NIST SP 800-171 (NIST SP 800-171 Rev. 2) address the importance of patching, the following domain and control are the most relevant for this technical bulletin.
3.14 SYSTEM AND INFORMATION INTEGRITY
3.14.1 – Identify, report, and correct system flaws in a timely manner.
“Organizations identify systems that are affected by announced software and firmware flaws including potential vulnerabilities resulting from those flaws and report this information to designated personnel with information security responsibilities. Security-relevant updates include patches, service packs, hot fixes, and anti-virus signatures…”
Microsoft follows a fixed or modern lifecycle policy for its products, providing updates during mainstream and extended support phases (Microsoft Windows version support lifecycle). Once a version reaches end-of-life (EOL), it no longer receives security patches. This creates significant risks for organizations, particularly those handling CUI, as unsupported systems are vulnerable to exploitation by malicious actors.
Security Risk
In addition to the compliance risks, there are security risks addressed by staying on a supported version. The security risks associated with running unsupported versions include:
- Security Vulnerabilities: Without patches, systems are exposed to known security flaws that can be exploited, increasing the likelihood of data breaches, ransomware, and other cyberattacks.
- Operational Disruptions: Outdated systems are more prone to failures and downtime, impacting productivity and business continuity. The lack of updates also increases the risk of system instability, further compounding operational risks.
Current Status: Supported and Unsupported Versions
See the table below for Windows Client lifecycle support.
| Operating System | Support Status | End of Support Date |
|---|---|---|
| Windows 8.1 | Unsupported | January 10, 2023 |
| Windows 10 | Supported (Modern Policy) | October 14, 2025 |
| Windows 11 | Supported (Modern Policy) | Ongoing, updates continue |
NOTE: Microsoft offers an ‘Extended Security Updates (ESU) program for Windows 10’; see the link in the References section below for more details.
Guardian for M365 Support
Summit 7’s Guardian for Microsoft 365 service includes upgrades of these workstations at no additional cost. Your Guardian support team will evaluate your environment to identify and upgrade Windows 10 systems. Post-upgrade support is available for the operating system and commercial off-the-shelf (COTS) applications.
If you want to talk to someone on our team about how Guardian can support your environment, fill out the form below and we will be in touch shortly.
References
- NIST Special Publication SP 800-171 Rev. 2
- Microsoft Windows version support lifecycle
- Extended Security Updates (ESU) program for Windows 10 | Microsoft Learn