[Faculty] UC Cybersecurity Mandate Update: Next Steps in UCR’s Compliance Support Plan

UCR Information Technology Solutions its at ucr.edu
Mon Aug 4 14:26:30 PDT 2025 

[image: image]

Colleagues,

Thanks to the high overall compliance rate we achieved on the UC
Cybersecurity Mandate, UC Riverside is moving forward with the next steps
in our compliance support plan
<https://insideucr.ucr.edu/announcements/2025/06/05/updates-ucrs-plan-ensure-compliance-uc-cybersecurity-mandate-2025>
(see
previous compliance support plan updates from March 24
<https://insideucr.ucr.edu/announcements/2025/03/24/how-ucr-complying-uc-cybersecurity-mandate>
and May 19, 2025
<https://insideucr.ucr.edu/announcements/2025/05/19/ucrs-plan-comply-uc-cybersecurity-mandate>).
Outlined below are updates on the compliance support plan and its timeline.
Cybersecurity Training Validation and Secured Access Checks

The university will implement security compliance checks in phases,
beginning September 2025. Security compliance checks refer to a
verification process that ensures both the device and user meet UC security
standards <https://its.ucr.edu/cybersecurity-mandate-2025> before granting
access to a secure UCR resource. These standards include:


   -

   The user who is attempting to gain access has completed their annual UC
   Cyber Security Awareness Fundamentals training
   -

   The device attempting to gain access is running the UCR Security Toolset


All UCR employees and affiliates are subject to compliance with the UC
Cybersecurity Mandate 2025 with the exception of academic student employees
(additionally, retirees and emeriti are not subject to the cybersecurity
training requirement).
What This Means for You

If you are current on your UC Cyber Security Awareness Fundamentals
training and you have the UCR security toolset installed on your device, no
further action is required on your part (departments that are part of the
SDS program
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012086>
already have the UCR security toolset on their device).

Once the security compliance checks are in place, employees and affiliates
who do not meet the UC security standards
<https://its.ucr.edu/cybersecurity-mandate-2025> will be asked to take the
appropriate steps to come into compliance. Additionally, non-compliance
with the UC security standards will result in the inability to access
secure UCR resources, with the following exceptions:

   -

   Zoom
   -

   Slack
   -

   Office 365
   -

   Google Workspace
   -

   ServiceNow
   -

   Canvas
   -

   UC Learning Center
   -

   Virtual Private Network (VPN)

Please note that the list of resources excluded from compliance checks will
be reevaluated as part of ongoing operations to determine whether any
changes need to be made for security or user accessibility purposes. In the
event of a change to this resource list, campus will be notified.

Also note that additional compliance measures may be required and guidance
will be provided as details are available.
UCR’s Security Verification Mechanism: Duo Desktop

In preparation for the implementation of the security compliance checks,
the UCR security toolset will be upgraded in August 2025 to Version 1.2
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?tab=t.0#heading=h.aiwuilnn557y>,
which will include the deployment of Duo Desktop to all devices that
contain the toolset.


   -

   August 4, 2025: Most administrative orgs and some academic orgs using
   Secured Device Services
   <https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012086>
   (SDS) will receive the upgrade, which includes Duo Desktop.
   -

   August 21, 2025: All remaining orgs* and all remaining devices that have
   the UCR security toolset installed will receive the upgrade, which includes
   Duo Desktop.


*Orgs that will receive the upgrade on August 21 include School of
Business, School of Public Policy, Bourns College of Engineering, College
of Humanities, Arts, and Social Sciences, College of Natural and
Agricultural Sciences, and University Advancement.

Duo Desktop is an application that is part of Duo, UCR’s identity security
provider. As previously communicated in our May 16, 2025, email, UCR
upgraded its Duo service to leverage Duo Desktop as the mechanism for
verifying that both the device and user meet UC security standards before
granting access to secure UCR resources.

Information about the application and its cybersecurity benefits, data
collection <https://help.duo.com/s/article/5566?language=en_US>, and use as
a verification mechanism, as well as its planned deployment and management,
can be found in the UCR Security Toolset Whitepaper
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?usp=sharing>
.


To learn more about the upgraded UCR security toolset, please read the FAQs:
UCR Security Toolset Version 1.2 Release
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012322>
(UCR login required). If you have any questions or concerns, you are
encouraged to join the UC Cybersecurity Mandate office hours with ITS. You
will find the updated schedule at events.ucr.edu
<https://events.ucr.edu/event/uc-cybersecurity-mandate-office-hours-with-its>
.


Sincerely,

Elizabeth Watkins

Provost and Executive Vice Chancellor

Matthew Gunkel

Chief Information Officer and Associate Vice Chancellor

Dewight F. Kramer

Chief Information Security Officer
Read the UCR Security Toolset Upgrade FAQs
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012322>

Guidance

Resources

Read the UCR Security Toolset Purpose and Use whitepaper
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?usp=sharing>
.

Find answers to FAQs about MFA <https://its.ucr.edu/mfa#faq> and the security
toolset <https://its.ucr.edu/uc-security-toolset#security-toolset-faq>.
UC-wide Mandate

All UC campuses are called to comply to help protect sensitive data,
maintain operational continuity, comply with regulations, and mitigate
financial risks associated with cyber attacks.
Read the Letter <https://its.ucr.edu/uc-presidents-letter>

Support

   -

   Review the toolset information and guidance
   <https://its.ucr.edu/uc-security-toolset>
   -

   Report an issue with installation
   <https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&sys_id=d10c39ee0f348300138942bce1050e8b>
   -

   Get help in person by visiting an IT Support station in the libraries or
   SSC
   -

   Attend the next virtual office hour with ITS
   <https://events.ucr.edu/event/uc-cybersecurity-mandate-office-hours-with-its>

Download the UCR Security Toolset <http://endpointinventory.ucr.edu/home>

Installation guides are available for Windows
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012265>
and MacOS
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012269>
users.
Learn More

The security toolset is required for any device that is used to connect to
secure UCR networks and cloud resources, including personal devices. These
devices include computers, laptops, and Microsoft Surface tablets (learn
what’s not included
<https://its.ucr.edu/uc-security-toolset#are-mobile-devices-included-in>).
[image: image]
Reason for Change: UC Cybersecurity Mandate 2025

These changes are part of UCR's plan to better protect our community and
comply with a new UC systemwide mandate.
Learn About the Mandate <https://its.ucr.edu/cybersecurity-mandate-2025>

[image: image]
Video: Message from the Provost

Watch this video message from Provost Watkins to learn why UCR is
strengthening MFA, along with other key steps we must take to keep our
Highlander community safe.
Watch on YouTube <https://www.youtube.com/watch?v=8-bMZddr-Bc>



Need IT help? Submit a support ticket at its.ucr.edu/help


Information Technology Solutions

Computing & Communications Building

900 University Ave.

Riverside, CA 92521

951-827-4848 | its.ucr.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://scotmail.ucr.edu/pipermail/faculty/attachments/20250804/f21cf5b8/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 42199 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/faculty/attachments/20250804/f21cf5b8/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/jpeg
Size: 361433 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/faculty/attachments/20250804/f21cf5b8/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 604736 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/faculty/attachments/20250804/f21cf5b8/attachment-0003.png>

More information about the Faculty mailing list