Inside UCR

How UCR is complying with the UC Cybersecurity Mandate

March 24, 2025
Dewight Kramer
Chief Information Security Officer
Information Technology Solutions
March 24, 2025

As we approach the May 28, 2025, compliance deadline for the UC Cybersecurity Mandate, I want to provide an update on the planned compliance support measures that will be implemented to ensure our campus meets these vital requirements. As you know, these changes are part of a UC-wide initiative, mandated by the UC Regents and led by the UC Office of the President, designed to protect our personal and institutional data.

Key Steps and Their Respective Compliance Support Plans

1.    Take the UC Training:

        o    Requirement: Timely annual completion of the UC Cyber Security Awareness Fundamentals training (this has long been a required training for all UC employees).

        o    Compliance Support Plan:

         Starting March 25, 2025: Employees who are not current on their training will receive a warning message upon logging into UCR systems, serving as a reminder to complete the required training. This message can be skipped temporarily. 

        Fall 2025: Employees who remain or become non-compliant will be restricted from accessing UCR systems (except for the UC Learning Center to complete the training). The exact enforcement date will be communicated once determined.

      o    Required Action: Complete and remain current on your required annual UC Cyber Security Awareness Fundamentals training via the UC Learning Center: ucrlearning.ucr.edu.

2.    Verify Your Identity:

      o    Requirement: Use of a secure MFA option for identity verification when accessing UCR resources.

      o    Compliance Support Plan: This requirement is in effect as of February 24, 2025.

      o    Required Action: We strongly encourage you to enroll in multiple MFA methods to guarantee uninterrupted access to UCR resources. For guidance on setting up MFA, please visit: its.ucr.edu/mfa.

3.    Use the Security Toolset:

      o    Requirement: Installation and use of the UCR-mandated security toolset on all devices connecting to UCR’s secure resources.

      o    Compliance Support Plan: ITS is working with campus leadership to develop a phased plan to restrict non-compliant devices from being able to access the secure network and resources. Details will be shared as available.

     o    Required Action: Devices managed by IT are already compliant. If you manage your own devices, you must install and run the security toolset if you plan to connect these devices to secure UCR resources. Guidance can be found on the security toolset webpage: its.ucr.edu/uc-security-toolset.

These steps are crucial for enhancing UCR’s security and aligning with UC expectations. This update is meant to provide awareness of the campus’ compliance support plans. Specific dates and details will be shared promptly. Additional measures may be implemented as we work toward full compliance.

Why is Action Necessary?

As the Provost, CIO, and I noted in our original joint letter to campus, cyber threats are a growing concern, posing significant risks to UCR’s research, teaching, financial data, and the personal information of our community. To safeguard our academic pursuits and university operations, it is imperative that we strengthen our security protocols across the UC system. I encourage you to watch this video message from the Provost, which highlights why we must take action now. 

Resources and Support

A dedicated webpage is available with detailed information, resources, and FAQs. Please continue to refer to this page for ongoing updates: https://its.ucr.edu/cybersecurity-mandate-2025.

Thank you for your understanding and your cooperation as we strive to better protect the remarkable work we do at UCR.