CalcEngine All Calculators

Device Lifecycle Compliance Calculator

General

Enter your fleet size, EOL device counts, and compliance target to instantly measure your device lifecycle compliance rate. See your at-risk exposure and how many devices need refresh.

Last updated: April 2026

This calculator is designed for real-world usage based on typical engineering scenarios and publicly available documentation.

The device lifecycle compliance calculator helps IT and security teams measure how much of their fleet remains within vendor-supported lifecycle. Compliance rate — the percentage of devices still receiving security patches — is a critical metric for enterprise security posture and is required by frameworks including CIS Controls, NIST SP 800-53, and the EU Cyber Resilience Act. This calculator takes four inputs: total fleet size, EOL device count (past end-of-life date), near-EOL device count (within your warning window), and your compliance target. It outputs your current in-support rate, compliance gap, and total at-risk device count — giving you the numbers you need for executive reporting, audit evidence, and refresh budget justification. Devices past their vendor end-of-life date receive no security patches. A single unpatched EOL firewall or endpoint on a critical network segment can expose your organisation to known CVEs that cannot be remediated without hardware refresh. Lifecycle compliance tracking forces these risks into visibility before they become incidents. For teams managing regulated fleets, pair this calculator with patch SLA tracking and CRA compliance scoring to build a complete picture of your device security posture. Near-EOL devices show your upcoming refresh workload — use them to drive procurement cycles well before devices fall out of support.

How to Calculate Device Lifecycle Compliance

Device Lifecycle — how it works diagram

1. Count all active managed devices in your fleet — include endpoints, servers, network hardware, and IoT devices that should be within supported lifecycle. 2. Count devices at or past their vendor end-of-life date — these receive no further security patches and directly reduce your compliance rate. 3. Count devices within your near-EOL warning window (typically 90–180 days from EOL) — these are still compliant today but signal upcoming refresh work. 4. Set your compliance target — most security frameworks require 95%+ of devices to remain within supported lifecycle. 5. The calculator computes in-support rate ((Total − EOL) ÷ Total × 100), your gap to target, and at-risk device count (EOL + near-EOL).

Formula

Compliance Rate (%) = ((Total Devices − EOL Devices) ÷ Total Devices) × 100

EOL Exposure (%)      = (EOL Devices ÷ Total Devices) × 100

Near-EOL Exposure (%) = (Near-EOL Devices ÷ Total Devices) × 100

At-Risk Devices       = EOL Devices + Near-EOL Devices

Compliance Gap (%)    = Target (%) − Compliance Rate (%)

Total Devices    — all active managed devices in the fleet
EOL Devices      — devices past vendor end-of-life, receiving no patches
Near-EOL Devices — devices within warning window of EOL (e.g. 90 days)
Target (%)       — minimum in-support rate required by policy or regulation

Example Device Lifecycle Compliance Calculations

Example 1 — Enterprise laptop fleet, behind target

Fleet: 5,000 laptops   EOL: 750   Near-EOL: 300   Target: 95%

In-Support      = 5,000 − 750 = 4,250
Compliance Rate = (4,250 ÷ 5,000) × 100 = 85.0%
Gap             = 95% − 85% = 10% → 500 more devices must be refreshed
At-Risk         = 750 + 300 = 1,050 devices (21% of fleet)

Example 2 — Network switch estate, target exactly met

Fleet: 1,200 switches   EOL: 48   Near-EOL: 120   Target: 96%

In-Support      = 1,200 − 48 = 1,152
Compliance Rate = (1,152 ÷ 1,200) × 100 = 96.0%
Gap             = 96% − 96% = 0% (target exactly met)
At-Risk         = 48 + 120 = 168 switches (14% entering EOL within 90 days)

Example 3 — IoT sensor fleet, well above target

Fleet: 20,000 sensors   EOL: 200   Near-EOL: 400   Target: 90%

In-Support      = 20,000 − 200 = 19,800
Compliance Rate = (19,800 ÷ 20,000) × 100 = 99.0%
✓ Compliant — 9% buffer above 90% target
At-Risk         = 200 + 400 = 600 sensors (3% — low risk)

Tips to Improve Device Lifecycle Compliance

Notes

Frequently Asked Questions

What is device lifecycle compliance? +
Device lifecycle compliance measures the percentage of devices in your fleet that remain within vendor-supported lifecycle — meaning the vendor still releases security patches. Devices past their end-of-life date receive no patches, making them a direct security liability. Most enterprise security policies and frameworks like CIS Controls and NIST SP 800-53 require tracking and remediating EOL devices within defined timeframes. Use the CRA Compliance Score Calculator to roll this into a broader posture score.
How do I find the EOL date for my devices? +
Most vendors publish end-of-life notices on dedicated lifecycle pages: Microsoft Lifecycle Policy, Cisco End-of-Life and End-of-Sale Notices, Red Hat Life Cycle, and Dell EOSL pages. For network hardware, check vendor product lifecycle databases. Centralise these dates in your CMDB and set alerts 180 days before EOL to allow procurement lead time and refresh planning. Many IT asset management tools (ServiceNow, Lansweeper) can ingest vendor EOL feeds automatically.
What compliance target should I set for device lifecycle? +
Most security frameworks target 95–100% for critical infrastructure. CIS Controls Level 2 and NIST 800-53 both require systems to remain within supported lifecycle. For endpoints, 95% is a common enterprise floor; for network devices, 99%+ is typical. Near-EOL devices count as "at risk" — factor them into your planning horizon, not just your current compliance rate. The right target also depends on device risk tier: internet-facing systems warrant stricter thresholds than isolated internal hardware.
What is the difference between EOL and near-EOL devices in this calculator? +
EOL (end-of-life) devices have already passed their vendor support date — they receive no security patches and directly reduce your compliance rate in this calculator. Near-EOL devices are still supported but within your warning window (typically 90–180 days from EOL). They do not reduce your current compliance rate but reveal future exposure. Tracking them separately helps you distinguish compliance failures you must fix today from refresh work you must plan for next quarter.
How does device lifecycle compliance relate to patch compliance? +
Device lifecycle compliance and patch compliance are related but distinct. Patch compliance measures whether in-support devices have received the latest patches. Lifecycle compliance measures whether those devices are still eligible to receive patches at all. An EOL device can have 100% of its last patches applied and still be a liability — no new patches will ever ship for it. Both metrics are necessary for a complete security posture. See the Patch SLA Calculator for the patch side of this picture.