Domain 3 of 5 · Chapter 2 of 8

Life-Cycle Management

Unlock the complete study guide + 1,040 practice questions across 16 full exams.

Bundled into the existing CompTIA Network+ premium course — no separate purchase.

Included in this chapter:

  • EOL vs EOS: the two dates and why one is dangerous
  • Software, firmware, and patch management
  • Hardware refresh cycles
  • Decommissioning and media sanitization

Life-cycle milestones and what each one changes

MilestoneWhat it meansSecurity updates after it?Right response
End of sale / end of life (EOL)Vendor stops selling and manufacturing the modelYes, still patched until end of supportNote it, plan the eventual refresh
End of support (sometimes also called EOL)Vendor stops shipping fixes, including security patchesNo, unless paid extended support existsReplace the device, or buy extended support
Extended support / extended security updatesOptional paid window for security fixes onlySecurity only, no new features or non-security fixesBridge while you migrate, not a permanent home
Hardware refreshScheduled replacement before end of support or wear-outN/A (new gear is supported)Budget and migrate on the 3 to 5 year cycle
DecommissioningDevice removed from service for goodN/ASanitize data, strip config, reclaim licenses, update inventory

Decision tree

Past vendorend of support?NoYesPatch on scheduleassess, test, deploy, verify;keep version inventory currentStaying in service?or being retired now?Retiring nowMust stayDecommissionsanitize storage (NIST 800-88),remove config + credentials,reclaim licenses, update inventoryVendor offers paidextended support?YesNoBuy extended supportsecurity fixes only; use as abridge while you migrateReplace nowon the 3 to 5 yearrefresh cycleNever: keep "applying the latestpatch" past end of support;none are issued, exposure only grows

Cheat sheet

  • End of support, not end of sale, is when security patches stop
  • Past end of support, the fix is to replace the device, not patch it
  • The same date is confusingly labeled EOL by some vendors
  • Extended support delivers security fixes only, as a migration bridge
  • You cannot patch what you have not inventoried, so track versions
  • Firmware is software too, and it gets security fixes
  • Patch management runs assess, test, deploy, verify on a loop
  • Updates flow through change management, with a rollback plan
  • Refresh hardware on a 3 to 5 year cycle, before it ages out
  • The asset inventory drives both patching and refresh planning
  • Decommissioning is a security task, not just unplugging a box
  • Remove config and credentials when decommissioning
  • Reclaim licenses and update inventory before the device leaves
  • NIST SP 800-88 defines three sanitization levels: Clear, Purge, Destroy
  • Match the sanitization method to where the media goes next
  • Degaussing erases magnetic media only, never SSDs
  • Cryptographic erase destroys the key, not the bits
  • Sanitization must be verified and documented with a certificate

Unlock with Premium — includes all practice exams and the complete study guide.

Also tested in

References

  1. Fixed Lifecycle Policy
  2. NIST SP 800-88 Rev. 1: Guidelines for Media Sanitization Whitepaper