UCR has developed compliance support measures to ensure our campus meets the six UC-wide cybersecurity requirements. These measures are crucial for enhancing UCR’s security and aligning with UC expectations, and additional measures may be implemented as we work toward full compliance. 

Take the UC Training

• Requirement: Timely annual completion of the UC Cyber Security Awareness Fundamentals training (this has long been a required training for all UC employees).
• Compliance Support Plan
  • Starting August 2025: Employees who are not current on their training will receive a warning message upon logging into UCR systems, serving as a reminder to complete the required training. This message can be skipped temporarily. 
  • August 2025: Employees who remain or become non-compliant will be restricted from accessing UCR systems (except for the UC Learning Center to complete the training). The exact enforcement date will be communicated once determined.
• Required Action: Complete and remain current on your required annual UC Cyber Security Awareness Fundamentals training via the UC Learning Center: ucrlearning.ucr.edu. 

Verify Your Identity

• Requirement: Use of a secure MFA option for identity verification when accessing UCR resources.
• Compliance Support Plan: This requirement is in effect as of February 24, 2025.
• Required Action: We strongly encourage you to enroll in multiple MFA methods to guarantee uninterrupted access to UCR resources. For guidance on setting up MFA, please visit: its.ucr.edu/mfa.

Use the Security Toolset

• Requirement: Installation and use of the UCR-mandated security toolset on all devices connecting to UCR’s secure resources.
• Compliance Support Plan
  • August 2025: Targeted implementation of secured device access checks when trying to access secure UCR applications. Once this compliance measure is implemented, employees who have not taken the required steps to be compliant with secured device requirements will not be able to access secure UCR resources and applications.
• Required Action: Devices managed by IT are already compliant. If you manage your own devices, you must install and run the security toolset if you plan to connect these devices to secure UCR resources. Guidance can be found on the security toolset webpage: its.ucr.edu/uc-security-toolset. 

Why is Action Necessary?

As the Provost, CIO, and CISO noted in their original joint letter to campus, cyber threats are a growing concern, posing significant risks to UCR’s research, teaching, financial data, and the personal information of our community. To safeguard our academic pursuits and university operations, it is imperative that we strengthen our security protocols across the UC system. Watch this video message from the Provost, which highlights why we must take action now. 

Resources and Support

A dedicated webpage is available with detailed information, resources, and FAQs. Please continue to refer to this page for ongoing updates: its.ucr.edu/cybersecurity-mandate-2025. 

Note: This article was updated on June 5, 2025.