As shared in June, we have made incredible strides in meaningfully improving the security of our campus community, including achieving 96% overall compliance with requirements of the UC Cybersecurity Mandate.
This success means that most of you have already taken the required steps to complete your training and ensure your device is secured by the UCR security toolset. We are now ready to take the next step in our compliance support plan with the phased implementation of security compliance checks beginning September 30, 2025.
To support this transition, please be reminded of the following:
What are security compliance checks?
Security compliance checks refer to a verification process that ensures both the device and its user meet UC security standards before granting access to a secure UCR resource. These standards include:
• The user who is attempting to gain access has completed their annual UC Cyber Security Awareness Fundamentals training
• The device attempting to gain access is running the UCR Security Toolset
Who must meet the UC Cybersecurity Mandate 2025 security requirements?
All UCR employees and affiliates, with the exception of academic student employees, are subject to the UC Cybersecurity Mandate 2025 security requirements.
Note: retirees, emeriti, and certain affiliates are not subject to the cybersecurity training requirement but must use a secured device if accessing secure UCR resources.
What will my experience be like once the security compliance checks are in place?
Once the security compliance checks are implemented, individuals who have not taken the required steps to be compliant with training and/or secured device requirements will not be able to access secure UCR resources and applications. Instead, the individual will be prompted to take the action(s) needed to come into compliance.
What is the schedule for the phased implementation?
| Timeline | Phase | Groups |
| --- | --- | --- |
| September 30 | Phase 1 | Information Technology Solutions |
| October 1 - 15 | Testing & Phase 1 Hypercare | |
| October 16 | Phase 2 | Administrative units (including Academic Senate, Intercollegiate Athletics, Palm Desert Center, UNEX) |
| October 17 - 20 | Phase 2 Hypercare | |
| October 21 - 23 | Phase 3 | |
| October 24 - 26 | Phase 3 Hypercare | |
| October 27 - 30 | Phase 4 | Schools and Colleges |
| October 31 | Phase 5 | Select remaining groups (includes Unit 18 Lecturers and non-active emeriti and retirees) |
| November 3 - November 7 | Phases 4 & 5 Hypercare | Schools, Colleges, and select remaining groups |
Please keep an eye out for information from your administrator, as ITS is notifying org administrators of their respective implementation dates.
What if I don’t have Duo Desktop?
Duo Desktop is the security check mechanism and was added to the August 2025 release of the UCR security toolset. As a result, Duo Desktop should have been automatically added to all devices that contain the toolset. If for any reason your device did not receive Duo Desktop, please follow the guidance contained in this knowledge article (note that you must be logged in with your UCR NetID credentials to view this protected article).
Which resources are exempt from security compliance checks?
All UCR resources that require authentication using NetID and password are considered secure resources and are therefore subject to security compliance checks. However, the following secure resources are currently exempt and will remain accessible:
• Zoom
• Slack
• Office 365
• Google Workspace
• ServiceNow
• Canvas
• UC Learning Center
• Virtual Private Network (VPN)
• Community-facing UCR Library services
• Public-facing websites, applications, and other resources (i.e., resources that do not require you to log in with UCR NetID credentials)
It is important to note that the list of resources excluded from compliance checks will be reevaluated as part of ongoing operations to determine whether any changes need to be made for security or user accessibility purposes. In the event of a change to this resource list, campus will be notified.