I'm sure that certain government entities can make arrangements to have extended extended support, but more likely this is a typo that didn't get caught.
Right here is an article that should serve as a big, fat warning against what so many IT departments do: Drag their heels, kicking and screaming, and not updating within a reasonable time period after "the next generation of OS" gets out of its "bleeding edge" stage.
I worked for a state agency between 2002 and 2008 and first the in-house IT department, and then even the contractor they went for [who was, by far, worse] were running the entire set of state agencies on Windows XP and were adamant that it would be at least three years (roughly) before they'd consider Windows 7. A great many of the current ransomware attacks could be avoided either by upgrading the OS or, at the very least, consistently applying security patches as soon as possible after they are issued and yet, very often, neither of those two is done usually under the old trope of "we don't know if it will be a 'bad update.'" Bad updates have been, in my experience, very few and far between. If you want to be cautious about this then roll out the patches to a select subset of the machines you remotely manage, monitor them for a period of time, and then complete the roll out. This isn't rocket science.
Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134
. . . the presumption of innocence, while essential in the legal realm, does not mean the elimination of common sense outside it. The willing suspension of disbelief has its limits, or should.
~ Ruth Marcus, November 10, 2017, in Washington Post article, Bannon is right: It’s no coincidence The Post broke the Moore story