Use 64-bit Operating Systems Where Supported
Use 64-bit operating systems if they are supported by your computer.
Plain language
Using a 64-bit operating system on your computer means it can handle more data and process tasks more efficiently. If you're using an older or less capable system, you might be more vulnerable to viruses and other security threats, which can slow down your business or expose your data to hackers.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system hardeningSection
Operating system hardeningOfficial control statement
Where supported, 64-bit versions of operating systems are used.
Why it matters
Failing to use 64-bit OSs reduces performance and security, increasing susceptibility to attacks like buffer overflows.
Operational notes
Standardise on 64-bit OS editions where vendor-supported; block 32-bit deployments except by approved exception, and review hardware/driver/app compatibility before upgrades.
Implementation tips
- IT team should review current operating systems on all company devices to see if they are 32-bit or 64-bit. They can do this by checking system settings on each device where the operating system details are displayed.
- System owner should plan an upgrade strategy for devices currently using 32-bit systems. They can do this by consulting with their IT provider to determine the steps needed to transition to a 64-bit system, including potential hardware upgrades.
- Procurement should ensure future computer purchases are 64-bit capable. When buying new computers, ask vendors for confirmation that the systems support 64-bit operating systems.
- IT team should update software on 64-bit systems regularly. They should set automated updates or check monthly for patches and updates to ensure security vulnerabilities are mitigated.
- Managers should communicate the benefits of 64-bit systems to staff. This can be done via an email or meeting, explaining how it helps in running software efficiently and protecting company data from threats.
Audit / evidence tips
-
Askan inventory list of all operating systems used
GoodThe list should show all systems are 64-bit where hardware supports it
-
GoodA clear schedule with allocated resources and completion targets in the next 6 months
-
GoodPurchase orders state '64-bit' in the product specifications
-
Askreports from system monitoring tools. Verify if they track and alert for non-compliant 32-bit systems
GoodMonitoring logs that show checks and alerts for any 32-bit systems remaining
-
GoodDocumented communication explaining efficiencies and security advantages
Cross-framework mappings
How ISM-1408 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
E8
| Control | Notes | Details |
|---|---|---|
| handshake Supports (2) expand_less | ||
| E8-PO-ML1.8 | ISM-1408 requires organisations to use 64-bit operating systems where supported | |
| E8-PO-ML3.9 | ISM-1408 requires organisations to use 64-bit versions of operating systems where supported | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.