[Faculty] Update: UC Cybersecurity Mandate Compliance

Fri May 23 12:11:14 PDT 2025

[image: image]
May 28 Deadline for Compliance With UC Cybersecurity Requirements Fast
Approaching

Colleagues,

The May 28, 2025, deadline for all UC campuses to comply with six key
cybersecurity requirements
<https://its.ucr.edu/cybersecurity-mandate-2025#outcomes-to-be-achieved> is
fast approaching. If you have not yet done so, please take the required
actions now
<https://its.ucr.edu/cybersecurity-mandate-2025#required-actions-before-june-2>
to become compliant.

Beginning in June, UCR will implement secured access checks to restrict
non-compliant individuals and devices from accessing a select number of UCR
applications. Updates regarding UCR’s compliance support plan and key
enforcement dates were recently shared in a campus announcement
<https://its.ucr.edu/blog/2025/05/21/ucrs-plan-ensure-compliance-uc-cybersecurity-mandate-2025>
.

Finally, the University of California Office of the President has announced
that it will host a special webinar session to address concerns regarding
the implementation of Endpoint Detection and Response (EDR) as part of the
mandate. Details about the session will be published on events.ucr.edu as
soon as they become available. Please also be reminded that the UCR
Academic Senate will host ITS for a Town Hall Q&A on cybersecurity on
Tuesday, May 27, at 10:30 AM (Zoom link
<https://ucr.zoom.us/meeting/register/jqbtVUt6ToOprzyfFTSa3g>).

Thank you for doing your part to keep our Highlander community safe.

Sincerely,

Elizabeth Watkins

Provost and Executive Vice Chancellor

Matthew Gunkel

Chief Information Officer and Associate Vice Chancellor

Dewight F. Kramer

Chief Information Security Officer

Compliance Plan Updates

   -

   CISO Dewight Kramer’s most recent update on UCR’s compliance support
   plan has been published on InsideUCR
   <https://insideucr.ucr.edu/announcements/2025/05/19/ucrs-plan-comply-uc-cybersecurity-mandate>
   and the ITS blog
   <https://its.ucr.edu/blog/2025/05/21/ucrs-plan-ensure-compliance-uc-cybersecurity-mandate-2025>
   .
   -

   Version 1.2 of the UCR Security Toolset will be released in June 2025.
   Please refer to section 5 “Security Toolset Version Release Notes” in the
   whitepaper
   <https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?usp=sharing>
   for more details (note that you must be logged in with your UCR NetID
   credentials to view).

Key Compliance Plan Dates

   -

   June 1 - Employees still overdue on training may be unable to access UCR
   systems (except for the Learning Center) until training is completed.
   -

   June 15 - Secured access checks will commence, beginning with a select
   few UCR applications. These applications will be inaccessible to users
   and/or devices that are not compliant with the UCOP cybersecurity training
   and secured device requirements.

Exception Process Reminders

   -

   Device owners/managers may only request exceptions to these requirements
   under rare and special circumstances. For example, an exception may be
   possible for a device that cannot support the security toolset (e.g.,
   certain scientific equipment, high-performance computing cluster, or
   sensitive research devices).
   -

   To request an exception, please fill out the Information Security Office
   consultation form
   <https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&sys_id=c0ecbe881ba7b300c675dac9bc4bcb6b>
   in the IT service portal. Select “Other Risk Assessment” from the Category
   drop down and briefly describe the exception you’re seeking and the
   justification for it in the Short Description field.
   -

   The Information Security Office may reach out for additional information
   as it performs the risk assessment.
   -

   A device that is granted an exception must still be inventoried and have
   an ISO-approved security plan for how the device will be kept safe.
   -

   Note that exceptions are rarely granted. No exceptions will be made for
   personal devices.

Download the UCR Security Toolset <http://endpointinventory.ucr.edu/home>

Installation guides are available for Windows
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012265>
and MacOS
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012269>
users.
Guidance

Resources

What's my role? View your checklist:

   -

   I manage my device
   <https://docs.google.com/document/d/1h0kCYKFfb41sInBec-Bqc8EtRs-fqu08Jesv3mrVmh8/edit?usp=sharing>
   -

   IT manages my device
   <https://docs.google.com/document/d/173rXeikz-Ko5-qjOm4WUVhRVRcntpCIGKhCF4iHiToA/edit?usp=sharing>

Read the UCR Security Toolset Purpose and Use whitepaper
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?usp=sharing>
.

Find answers to FAQs about the mandate
<https://its.ucr.edu/cybersecurity-mandate-2025#faq> and the security
toolset <https://its.ucr.edu/uc-security-toolset#security-toolset-faq>.
UC-wide Mandate

All UC campuses are called to comply to help protect sensitive data,
maintain operational continuity, comply with regulations, and mitigate
financial risks associated with cyber attacks.
Read the Letter <https://its.ucr.edu/uc-presidents-letter>

Support

   -

   Review the toolset information and guidance
   <https://its.ucr.edu/uc-security-toolset>
   -

   Report an issue with installation
   <https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&sys_id=d10c39ee0f348300138942bce1050e8b>
   -

   Get help in person by visiting an IT Support station in the libraries or
   SSC
   -

   Attend the next virtual office hour with ITS
   <https://events.ucr.edu/event/uc-cybersecurity-mandate-office-hours-with-its>

Campus Compliance Report

[image: image]
What's at Risk if UCR Doesn't Comply by May 28, 2025?

   -

   Employees who have not taken the required steps to be compliant with
   training and device security will not be able to access secure UCR
   resources and applications beginning June 15, 2025.
   -

   UCR will face costly financial penalties
   <https://its.ucr.edu/cybersecurity-mandate-2025#campus-consequences> and
   greater liability, which may further impact budgets.
   -

   Your personal information and university data will be at greater risk of
   cyber attack or ransom
   <https://its.ucr.edu/cyber-attacks#higher-ed-cyberattack-news>, which
   may result in research data loss, identity theft, prolonged disruption to
   university operations, and personal financial loss.

Learn More

The security toolset is required for any device that is used to connect to
secure UCR networks and cloud resources, including personal devices. These
devices include computers, laptops, and Microsoft Surface tablets (learn
what’s not included
<https://its.ucr.edu/uc-security-toolset#are-mobile-devices-included-in>).
[image: image]
Reason for Change: UC Cybersecurity Mandate 2025

These changes are part of UCR's plan to better protect our community and
comply with a new UC systemwide mandate.
Learn About the Mandate <https://its.ucr.edu/cybersecurity-mandate-2025>

[image: image]
Video: Message from the Provost

Watch this video message from Provost Watkins to learn why UCR is
strengthening MFA, along with other key steps we must take to keep our
Highlander community safe.
Watch on YouTube <https://www.youtube.com/watch?v=8-bMZddr-Bc>

Need IT help? Submit a support ticket at its.ucr.edu/help

Information Technology Solutions

Computing & Communications Building

900 University Ave.

Riverside, CA 92521

951-827-4848 | its.ucr.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://scotmail.ucr.edu/pipermail/faculty/attachments/20250523/a45c2e89/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 140849 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/faculty/attachments/20250523/a45c2e89/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 604736 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/faculty/attachments/20250523/a45c2e89/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 42199 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/faculty/attachments/20250523/a45c2e89/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/jpeg
Size: 361433 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/faculty/attachments/20250523/a45c2e89/attachment-0001.jpe>