UC Riverside is legally required to adhere to Section 889 of the 2019 National Defense Authorization Act (NDAA 889), which prohibits the use of equipment made by a limited set of manufacturers. This is a reminder that in compliance with this Federal requirement and resulting UCOP guidance, the Chief Compliance Office (CCO) and Information Technology Solutions (ITS) have partnered to develop a compliance plan for campus.
The compliance plan includes a change to networking services, taking place June 30, 2022. This change will affect anyone attempting to make a wired connection to the UCR-secure network using a non-compliant device. It is important to note that the prohibition of these devices applies to all University business and research activity, regardless of the funding source. Unit IT Directors and Unit Information Security Leads should ensure that their networks have received reasonable inquiries and that they work with ITS to identify suspect devices and remove access as necessary.
For more information about NDAA 889 and to view a copy of the Compliance Plan, please visit its.ucr.edu/blog/ndaa.
Please note that the original publication of the NDAA 889 Compliance Plan included specific scanning requirements for campus units that monitor their own network. This guidance has since been revised, as ITS will work with these units to conduct reasonable inquiries.