Technology Standards Register

Technology	Vendor	Stage	Notes
VMware vSphere 8	Broadcom	Strategic	Primary virtualisation platform
Amazon EKS	AWS	Strategic	Primary managed Kubernetes
Amazon EC2	AWS	Strategic	Cloud compute instances
AWS Fargate	AWS	Strategic	Serverless containers
RKE2	Rancher/SUSE	Tactical	On-prem Kubernetes (DC-only)
Azure AKS	Microsoft	Tactical	Azure workloads only
VMware vSAN 8	Broadcom	Strategic	HCI storage for vSphere
AWS RDS (Aurora/PostgreSQL)	AWS	Strategic	Managed relational database
AWS S3	AWS	Strategic	Object storage
Azure SQL Managed Instance	Microsoft	Tactical	Azure-native SQL workloads
Bare Metal (physical OS)	Dell/HPE	Tactical	DB and high-performance only
Docker Desktop (developer)	Docker	Tactical	Developer machines — non-production
VMware vSphere 6.x	Broadcom	Sunset	EOL — decommission by Q4 2026
Physical tape (backup)	—	Sunset	Replaced by cloud-tier + Veeam immutable

Technology	Vendor	Stage	Notes
Cisco Catalyst 9000 Series	Cisco	Strategic	Campus switching
Cisco Nexus 9000 Series	Cisco	Strategic	DC fabric
Cisco Catalyst SD-WAN	Cisco	Strategic	Branch WAN overlay
Palo Alto NGFW (PA Series)	Palo Alto	Strategic	Internet edge and DC
Cisco Meraki (MR/MS/MX)	Cisco	Strategic	Branch / wireless
NSX-T	Broadcom	Strategic	DC micro-segmentation
Infoblox DDI	Infoblox	Strategic	DNS, DHCP, IPAM
Cisco Umbrella	Cisco	Strategic	DNS security / SaaS gateway
Cisco ISE	Cisco	Strategic	NAC / 802.1X
Palo Alto Panorama	Palo Alto	Strategic	Centralised firewall management
F5 LTM/APM	F5	Tactical	Legacy load balancing (HQ DC only)
Cisco ASA	Cisco	Containment	Legacy firewall — replace with PA
Legacy MPLS (no SD-WAN overlay)	Carriers	Containment	Branch rollout replacing
Cisco Catalyst 3850	Cisco	Sunset	EOS — replace with 9200/9300

Technology	Vendor	Stage	Notes
Windows 11 Enterprise	Microsoft	Strategic	Primary desktop OS
Microsoft Intune	Microsoft	Strategic	MDM / MAM platform
Microsoft Autopilot	Microsoft	Strategic	Zero-touch device provisioning
Citrix DaaS	Citrix	Strategic	VDI and published apps
Microsoft Defender for Endpoint	Microsoft	Strategic	EDR on all endpoints
Microsoft 365 Apps (M365)	Microsoft	Strategic	Productivity suite
Microsoft Edge	Microsoft	Strategic	Primary browser
CyberArk EPM	CyberArk	Strategic	Endpoint privilege management
MSIX App Attach	Microsoft	Strategic	VDI app layering
HP ThinPro (thin client OS)	HP	Tactical	Call centre / task workers
IGEL OS	IGEL	Tactical	High-security thin client
macOS (Sonoma)	Apple	Tactical	Approved for dev and design
Cisco Secure Client	Cisco	Strategic	Corporate VPN
Windows 10	Microsoft	Sunset	EOL Oct 2025 — migrate by Q2 2026
Internet Explorer	Microsoft	Sunset	Removed from build
SCCM (on-prem)	Microsoft	Containment	No new enrolments — Intune only
Symantec Endpoint	Broadcom	Sunset	Replaced by MDE

Technology	Vendor	Stage	Notes
Microsoft Entra ID P2	Microsoft	Strategic	IdP — SSO, MFA, CA
Microsoft Sentinel	Microsoft	Strategic	SIEM / SOAR
Microsoft Defender XDR	Microsoft	Strategic	XDR — endpoint, identity, email, cloud
CyberArk PAM	CyberArk	Strategic	Privileged access management
Cisco ISE	Cisco	Strategic	NAC, 802.1X, BYOD posture
Palo Alto Cortex XDR	Palo Alto	Strategic	Network detection and response
Cisco Umbrella	Cisco	Strategic	DNS-layer security
Azure Key Vault	Microsoft	Strategic	Secrets management (Azure/M365)
AWS Secrets Manager	AWS	Strategic	Secrets management (AWS)
Tenable Nessus / Tenable.io	Tenable	Strategic	Vulnerability scanning
Amazon Inspector	AWS	Strategic	Cloud / container vulnerability mgmt
Qualys WAS	Qualys	Tactical	Web application scanning
KnowBe4	KnowBe4	Strategic	Security awareness training
Recorded Future	Recorded Future	Tactical	Threat intelligence
Microsoft Defender for Cloud	Microsoft	Strategic	CSPM — Azure + AWS
Falco	CNCF	Strategic	Container runtime security
Mimecast	Mimecast	Containment	Email security — evaluate M365 Defender replacement
Symantec DLP	Broadcom	Containment	Replacing with Microsoft Purview DLP
RSA SecurID (hardware tokens)	RSA	Sunset	Replaced by FIDO2 + Authenticator app
McAfee / Trellix	Trellix	Sunset	Fully replaced by MDE

Technology	Vendor	Use Case	Status
Microsoft Copilot for M365	Microsoft	AI-assisted productivity	POC — Privacy review in progress
Zero Trust Network Access (ZTNA)	Cisco Secure Access	Replace split-tunnel VPN	POC — Q2 2026
Microsoft Purview DLP	Microsoft	Replace Symantec DLP	POC — Q3 2026
Network Detection & Response (NDR)	ExtraHop	East-west traffic visibility	Evaluation
AI/ML-assisted threat hunting	Microsoft Sentinel	Reduce analyst toil	Evaluation
eBPF-based security monitoring	—	Kernel-level observability	Research

ADR	Decision	Date	Status
ADR-001	Adopt Cisco SD-WAN for all branches	2024-06	Accepted
ADR-002	Migrate SCCM to Intune-only	2024-09	Accepted
ADR-003	Adopt Microsoft Sentinel as primary SIEM	2025-01	Accepted
ADR-004	EKS as primary managed Kubernetes	2025-03	Accepted
ADR-005	Adopt FIDO2 phishing-resistant MFA for all admins	2025-06	Accepted
ADR-006	Replace Symantec DLP with Microsoft Purview	2026-02	In progress

¶ Technology Standards Register