<Past |
Future> |
XP Pro SP2 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
XP Pro SP3 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Embed POSReady 2009 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Vista |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Vista SP1 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Vista SP2 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 7 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 7 SP1 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Embedded POSReady 7 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 8 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 8.1 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Embedded Handheld6.5 |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Win 10 (LTSB 1507) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Win 10 (LTSB 1607) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Win 10 (LTSC 1809) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 1709) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 1803) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 1809) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 1903) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 1909) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 2004) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 20H2) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 21H1) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 21H2) |
DIVEST [18, 22, 23, 24] |
DIVEST [18, 22, 23, 24, 25] |
Unapproved |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 10 (FU 22H2) |
Approved w/Constraints [18, 22, 23, 24] |
Approved w/Constraints [18, 22, 23, 24, 25] |
Approved w/Constraints [18, 22, 23, 24, 25] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints (DIVEST) [18, 22, 23, 24] |
Authorized w/ Constraints (DIVEST) [18, 22, 23, 24] |
Authorized w/ Constraints (DIVEST) [18, 22, 23, 24] |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 11 (FU 21H2) |
Approved w/Constraints (PLANNING/EVALUATION) [1, 18, 22, 23, 24] |
Approved w/Constraints [18, 22, 23, 24, 25] |
Approved w/Constraints [18, 22, 23, 24, 25] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints (DIVEST) [18, 22, 23, 24] |
Authorized w/ Constraints (DIVEST) [18, 22, 23, 24] |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 11 (FU 22H2) |
Approved w/Constraints (PLANNING/EVALUATION) [1, 18, 22, 23, 24] |
Approved w/Constraints [18, 22, 23, 24, 25] |
Approved w/Constraints [18, 22, 23, 24, 25] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints (DIVEST) [18, 22, 23, 24] |
Authorized w/ Constraints (DIVEST) [18, 22, 23, 24] |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 11 (FU 23H2) |
Unapproved |
Approved w/Constraints [18, 22, 23, 24, 25] |
Approved w/Constraints [18, 22, 23, 24, 25] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints (DIVEST) [18, 22, 23, 24] |
Authorized w/ Constraints (DIVEST) [18, 22, 23, 24] |
Authorized w/ Constraints (POA&M) |
Authorized w/ Constraints (POA&M) |
Windows 11 (FU 24H2) |
Unapproved |
Unapproved |
Unapproved |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Authorized w/ Constraints [18, 22, 23, 24] |
Note: |
At the time of writing, Windows 11 (FU 24H2) is the most current version, released 03/01/2025. A standard configuration of this technology was developed by the DDE team. The standard version is Windows 11 (FU 23H2), and version Windows 11 (FU 24H2) is under testing and development for six weeks from 11/08/2024. |
| | [18] | This technology has received one or more VA security bulletins that provide specific guidance on vulnerability patching and mitigation. It is the responsibility of VA system owners to ensure that the appropriate mitigations are taken to address all known and future discovered vulnerabilities with this product. See the Reference tab for more information on security bulletins related to this product. | | [22] | Due to National Institute of Standards and Technology (NIST) identified security vulnerabilities, extra vigilance should be applied to ensure the versions remain properly patched to mitigate known and future vulnerabilities. The local ISSO (Information System Security Officer) can provide assistance in reviewing the NIST vulnerabilities. | | [23] | Per the Initial Product Review for Hyper-V, users must abide by the following constraints:
- This technology is currently unapproved due to VA standardization and the lack of a required VA baseline. DISA states the following:
“Microsoft has produced a security guide for Hyper-V. However, due to funding constraints, this is listed on the unfunded STIG development list. When a STIG does not exist, organizations may use a vendor developed guide to use to configure their systems. Organizations using the Hyper-V software need to also review the appropriate Windows Server STIG when setting up their Hyper-V system.”
The only security guides listed are for Server 2012 and 2016. No guideline was found for Windows 10 and the vendor was unable to provide one.
- Due to potential information security risks, Software as a Service/ Platform as a Service (SaaS/PaaS) solutions must complete the Veterans-Focused Integration Process Request (VIPR) process where a collaborative effort between Demand Management (DM), Enterprise Program Management Office Information Assurance (EPMO IA), Digital Transformation Center (DTC), Enterprise Cloud Solutions Office (ECSO), Chief Technology Officer (CTO), and stakeholders determines the SaaS/PaaS category during the Discovery Phase. All SaaS and Non-AWS or Azure (VAEC) PaaS assets are routed to EPMO IA for Analysis and Approval to Operate (ATO) with technical oversight,
acquisition, production, and sustainment provided by DTC.
Per the Initial Product Review for Windows Embedded Handheld, users must abide by the following constraints:
- Due to the lack of documentation and vendor support, there is no way to determine if Windows Embedded Handheld is FIPS 140-2 certified. Windows Embedded Handheld cannot be used for processing any data containing Personal Health Information (PHI), Personally Identifiable Information (PII), or VA sensitive information.
- According to the vendor, an Original Equipment Manufacturer (OEM) such as Zebra would be responsible for support after the EOL date. The OEM cannot confirm or demonstrate an acceptable level of support after Windows Embedded Handheld EOL date.
- Neither the vendor nor the OEM can demonstrate a support model in which the devices would be patched or updated.
The Windows App Store is currently disabled by VA policy and the only Windows Apps that are allowed to be used are those bundled with and are part of official VA Windows baselines produced by Endpoint Engineering.
VA security configuration baseline standards and deployment standards for Windows Client images, including standards for Active Directory must be followed and adhered to unless an appropriate Plan Of Action and Milestone (POA&M) is granted. See the reference section for more information and links to the official standards.
Users must utilize authorized internet browsers, as Microsoft Internet Explorer has reached End of Life status. | | [24] | Veterans Affairs (VA) users must ensure VA sensitive data is properly protected in compliance with all VA regulations. All instances of deployment using this technology should be reviewed by the local ISSO (Information System Security Officer) to ensure compliance with both VA Handbook 6500 and VA Directive 6500. | | [25] | The Federal Information Processing standards (FIPS) 140-2 certification status of this technology was not able to be verified. This technology will require a 3rd party FIPS 140-2 or 140-3 certified solution for any data containing PHI/PII or VA sensitive information, where applicable. More information regarding the Cryptographic Module Validation Program (CMVP) can be found on the NIST website. |
|