[Msoadm] Security compliance checks will commence in Sept., devices now available to Unit 18 lecturers, new security hardware token program, and other key IT security changes affecting faculty and staff
UCR Information Technology Solutions
its at ucr.edu
Thu Jul 31 16:32:47 PDT 2025
[image: image]
Dear Financial and Administrative Officers,
This notice provides information about upcoming IT changes and service
offerings. Please read this notice in its entirety to learn more about the
changes your faculty, staff, and affiliates can expect, and any action
needed prior to the start of the academic year.
Overview of upcoming IT changes and service offerings that may impact your
organization:
-
The UCR Security Toolset will upgrade in August to version 1.2
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?tab=t.0#heading=h.aiwuilnn557y>,
which will include the deployment of Duo Desktop to all devices that
contain the toolset
-
In accordance with UCR’s compliance plan for UC Cybersecurity Mandate
2025 <https://its.ucr.edu/cybersecurity-mandate-2025#key-dates>, phased
implementation of security compliance checks will commence beginning
September 2025
-
Employees and affiliates should expect access restrictions
<https://its.ucr.edu/cybersecurity-mandate-2025#consequences-of-non-compliance>
to secure UCR resources if they do not meet the UC security standards
<https://its.ucr.edu/cybersecurity-mandate-2025>
-
Unit 18 Lecturers may request a compliant device via the Lecturer Device
Program
<https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&table=sc_cat_item&sys_id=c5cedeb70fadcb40138942bce1050e32&recordUrl=com.glideapp.servicecatalog_cat_item_view.do%3Fv%3D1&sysparm_id=c5cedeb70fadcb40138942bce1050e32>
-
An exemption request
<https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&sys_id=c0ecbe881ba7b300c675dac9bc4bcb6b>
must be submitted for any department or research device that cannot support
the UCR Security Toolset or risk being unable to connect to secure UCR
resources
-
ITS has launched a Security Hardware Token Program
<https://its.ucr.edu/mfa#how-can-i-request-a-hardware-t> for employees
in need of an alternate MFA method (note: existing tokens using HOTP
technology will no longer work after October 10, 2025)
-
The campus VPN will be replaced in August 2025, requiring campus users
to use a different VPN client to connect (guidance to be provided)
UCR Security Toolset Upgrade to Include Duo Desktop in August Release
(Version 1.2)
All software requires periodic updates to ensure continued effectiveness
and security, as well as deliver enhanced features and functionality. In
the upcoming August 2025 version release (Version 1.2
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?tab=t.0#heading=h.aiwuilnn557y>),
Duo Desktop will be added to the UCR Security Toolset. This addition is
part of UCR’s compliance support plan. Duo Desktop will act as the
verification mechanism, ensuring that UC security standards
<https://its.ucr.edu/cybersecurity-mandate-2025> are met before granting
access to secure university resources.
The release of Version 1.2 means all devices that currently contain the UCR
Security Toolset will automatically receive the update, which includes the
addition of Duo Desktop. For a device that does not yet contain the
toolset, it will become part of the set of applications that are installed
when a user downloads the toolset onto a device. If an employee attempts to
access a secure resource with a self-managed device that does not contain
Duo Desktop (but is running the other security tools), they will be prompted
to install the Duo Desktop application
<https://duo.com/docs/duo-desktop#install-duo-desktop> manually before
being granted access.
How will it work?
The UCR Security Toolset will be upgraded to Version 1.2
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?tab=t.0#heading=h.aiwuilnn557y>,
which will include the deployment of Duo Desktop to all devices that
contain the toolset. The release schedule is as follows:
-
August 4, 2025: Most administrative orgs and some academic orgs using
Secured Device Services (SDS)
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012086>
will receive the upgrade, which includes Duo Desktop.
-
August 21, 2025: All remaining orgs* and all remaining devices that have
the UCR security toolset installed will receive the upgrade, which includes
Duo Desktop.
*Orgs that will receive the upgrade on August 21 include School of
Business, School of Public Policy, Bourns College of Engineering, College
of Humanities, Arts, and Social Sciences, College of Natural and
Agricultural Sciences, and University Advancement.
View the toolset upgrade FAQs to learn more (must be logged in to view).
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012322>
Security Compliance Checks Scheduled to Begin September 2025
As previously communicated
<https://insideucr.ucr.edu/announcements/2025/06/05/updates-ucrs-plan-ensure-compliance-uc-cybersecurity-mandate-2025>,
UCR has been working towards a phased rollout of compliance support
mechanisms for the UC Cybersecurity Mandate 2025. UCR plans to commence
security compliance checks in September 2025, with full implementation by
November 2025.
Please be reminded that all UCR employees and affiliates are subject to
compliance with the UC Cybersecurity Mandate 2025 with the singular
exception of academic student employees. You are encouraged to remind
faculty, staff, and administrative student employees–as well as affiliates,
such as contractors, volunteers, and active retirees and emeriti–that they
will be unable to access secure UCR resources with an unsecured device.
(Note that retirees and emeriti are not subject to the training
requirement.)
Reminder: Lecturer Device Program for Unit 18 (UC-AFT)
University-owned devices that are equipped with the UCR Security Toolset,
and therefore compliant with UC Cybersecurity Mandate 2025, are available
to Unit 18 lecturers through the Lecturer Device Program for Local 18:
-
Guidance: Interested lecturers should follow the guidance contained in ITS
Knowledge Base article KB0012312
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012312>
titled “How to Request a Local 18 Lecturers Union Laptop through the ITS
Service Portal.”
-
Request form: Access the program service request form directly from the IT
Service Portal
<https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&table=sc_cat_item&sys_id=c5cedeb70fadcb40138942bce1050e32>.
Be sure to select “Lecturer Device Program - Local 18” as the request type.
Note: Local 18 lecturers who wish to utilize the device program for fall
2025 are strongly encouraged to complete the above request form as soon as
possible so that they can pick up the device prior to the start of the
quarter.
Reminder: Exemption Request Must Be Submitted for Research/Dept Devices
That Cannot Support the UCR Security Toolset
ITS requests your support in ensuring that your faculty and staff have
assessed department and research devices to determine whether an exemption
is required. Although only offered in special circumstances, an exemption
may be possible for a device that cannot support the security toolset
(e.g., certain scientific equipment, high-performance computing cluster, or
sensitive research devices).
Please note that in the event a device is granted an exemption, the device
owner/user will still need to work with the Information Security Office to
develop a plan to ensure the security of the device. Please also note that
no exceptions will be made for personal devices.
To request an exemption, please fill out the Information Security Office
consultation form
<https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&sys_id=c0ecbe881ba7b300c675dac9bc4bcb6b>
in the IT service portal. Select “Other Risk Assessment” from the Category
drop-down. Please also include the following information in the Short
Description field:
1.
Briefly describe the exception you’re seeking and the justification for
it
2.
Name of the device (learn how to find it on an Apple device
<https://support.apple.com/guide/mac-help/find-your-computers-name-and-network-address-mchlp1177/mac#:~:text=On%20your%20Mac%2C%20choose%20Apple,Click%20About.&text=View%20your%20computer%27s%20name%20to%20the%20right%20of%20the%20Name%20field.>
or Windows device
<https://support.microsoft.com/en-us/office/do-you-need-help-locating-your-computer-name-00384381-8aa9-4398-b81b-475f09fed618>
)
3.
MAC address of the device (learn how to find it
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012313>
)
4.
Which UCR resources you access with the device
The Information Security Office may reach out for additional information as
it performs the risk assessment.
Security Hardware Token Program Available to Employees Who Need It
ITS recommends that employees use preferred multi-factor authentication
(MFA) methods, such as the Duo Mobile app, the Duo Desktop app, and
biometric authentication. However, if none of these options meet their
needs and they require a security hardware token (e.g., for accessibility
needs), employees may follow a three-step process to request and obtain a
hardware token <https://its.ucr.edu/mfa#how-can-i-request-a-hardware-t>.
Those who were previously issued a hardware token from ITS are also asked
to evaluate whether or not it is still needed and, if needed, submit a
request to exchange it for a TOTP-compliant hardware token before October
10, 2025. After this date, non-compliant HOTP hardware tokens will no
longer work (learn why ITS-issued hardware tokens need to be replaced
<https://its.ucr.edu/mfa#why-do-i-need-to-exchange-my-i>).
Notice: Campus VPN Replacement Planned for August 2025
Please be advised that the campus virtual private network (VPN) will be
replaced in August 2025. University-owned and managed devices will
automatically be equipped with the new VPN client. Highlanders who manage
their own devices will need to take steps to install the new VPN client
once it is available. More information, including dates of the change and
guidance on how to use the new VPN, is forthcoming.
I look forward to the opportunity to discuss these security initiatives
with you in more detail at the next FHROG meeting. In the meantime, please
reach out to me at dewight.kramer at ucr.edu if you have any questions or
concerns.
Sincerely,
Dewight Kramer
Chief Information Security Officer
Information Technology Solutions
University of California, Riverside
Guidance
Resources
Read the UCR Security Toolset upgrade FAQs
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012322>
.
Read the UCR Security Toolset Purpose and Use whitepaper
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?usp=sharing>
.
Find answers to FAQs about MFA <https://its.ucr.edu/mfa#faq> and the security
toolset <https://its.ucr.edu/uc-security-toolset#security-toolset-faq>.
UC-wide Mandate
All UC campuses are called to comply to help protect sensitive data,
maintain operational continuity, comply with regulations, and mitigate
financial risks associated with cyber attacks.
Read the Letter <https://its.ucr.edu/uc-presidents-letter>
Support
-
Review the toolset information and guidance
<https://its.ucr.edu/uc-security-toolset>
-
Report an issue with installation
<https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&sys_id=d10c39ee0f348300138942bce1050e8b>
-
Get help in person by visiting an IT Support station in the libraries or
SSC
-
Attend the next virtual office hour with ITS
<https://events.ucr.edu/event/uc-cybersecurity-mandate-office-hours-with-its>
Download the UCR Security Toolset <http://endpointinventory.ucr.edu/home>
Installation guides are available for Windows
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012265>
and MacOS
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012269>
users.
Learn More
The security toolset is required for any device that is used to connect to
secure UCR networks and cloud resources, including personal devices. These
devices include computers, laptops, and Microsoft Surface tablets (learn
what’s not included
<https://its.ucr.edu/uc-security-toolset#are-mobile-devices-included-in>).
[image: image]
Reason for Change: UC Cybersecurity Mandate 2025
These changes are part of UCR's plan to better protect our community and
comply with a new UC systemwide mandate.
Learn About the Mandate <https://its.ucr.edu/cybersecurity-mandate-2025>
[image: image]
Video: Message from the Provost
Watch this video message from Provost Watkins to learn why UCR is
strengthening MFA, along with other key steps we must take to keep our
Highlander community safe.
Watch on YouTube <https://www.youtube.com/watch?v=8-bMZddr-Bc>
Need IT help? Submit a support ticket at its.ucr.edu/help
Information Technology Solutions
Computing & Communications Building
900 University Ave.
Riverside, CA 92521
951-827-4848 | its.ucr.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://scotmail.ucr.edu/pipermail/msoadm/attachments/20250731/2743ff6d/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 42199 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/msoadm/attachments/20250731/2743ff6d/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/jpeg
Size: 361419 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/msoadm/attachments/20250731/2743ff6d/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 604736 bytes
Desc: not available
URL: <https://scotmail.ucr.edu/pipermail/msoadm/attachments/20250731/2743ff6d/attachment-0003.png>
More information about the Msoadm
mailing list