We wanted to provide a bit of clarification around web browser support and how this is assessed as part of a Cyber Essentials submission.
Browser support cycles
When a software vendor states that only the current major release, or the current plus the immediately previous release, is supported for security updates and vulnerability fixes, any browser versions older than this are considered unsupported software.
If unsupported browser versions are included in a Cyber Essentials submission, this would result in major non-compliances. Only major release information is required in your submission – where minor version is included; the assessor will verify that updates are being applied within 14 days of release as required for compliance.
Common browsers
Below is a summary of how this applies to the most common browsers with links to lifecycle information:
- Only the current Stable channel major release is fully supported and “serviced”.
- When a new version is released (approximately every 4 weeks), the previous version becomes unsupported for security updates.
- The latest Extended Stable channel is also supported.
- While Microsoft offers assisted support for the current plus three previous versions, these do not receive security fixes and therefore are not Cyber Essentials compliant.
- Only the current major release is supported for security updates.
- The previous version becomes unsupported as soon as a new major version is released.
- The latest Extended Support Release (ESR) is also supported.
- The current production version and the immediately previous version are supported.
- The latest Extended Support Release (ESR) is also supported.
Apple Safari
- Safari versions are tied to the operating system version.
- The latest Safari release may only be available on certain versions of macOS or iOS.
- For Cyber Essentials, all Safari versions in use should be listed under A6.2.1 of the submission to ensure accurate assessment.
We hope this helps clarify how browser support is assessed and what needs to be included to remain compliant.