UCR's Plan to Ensure Compliance with UC Cybersecurity Mandate 2025

UCR has developed compliance support measures to ensure our campus meets the six UC-wide cybersecurity requirements. These measures are crucial for enhancing UCR’s security and aligning with UC expectations, and additional measures may be implemented as we work toward full compliance. 

Take the UC Training

  • Requirement: Timely annual completion of the UC Cyber Security Awareness Fundamentals training (this has long been a required training for all UC employees).
  • Compliance Support Plan
    • Starting March 25, 2025: Employees who are not current on their training will receive a warning message upon logging into UCR systems, serving as a reminder to complete the required training. This message can be skipped temporarily. 
    • June 1, 2025: Employees who remain or become non-compliant will be restricted from accessing UCR systems (except for the UC Learning Center to complete the training). The exact enforcement date will be communicated once determined.
  • Required Action: Complete and remain current on your required annual UC Cyber Security Awareness Fundamentals training via the UC Learning Center: ucrlearning.ucr.edu

Verify Your Identity

  • Requirement: Use of a secure MFA option for identity verification when accessing UCR resources.
  • Compliance Support Plan: This requirement is in effect as of February 24, 2025.
  • Required Action: We strongly encourage you to enroll in multiple MFA methods to guarantee uninterrupted access to UCR resources. For guidance on setting up MFA, please visit: its.ucr.edu/mfa.

Use the Security Toolset

  • Requirement: Installation and use of the UCR-mandated security toolset on all devices connecting to UCR’s secure resources.
  • Compliance Support Plan
    • June 15, 2025: Secured access checks will commence, beginning with a select few UCR applications. These applications will be inaccessible to those users and/or devices that are not compliant with the UCOP cybersecurity training and secured device requirements. 
      • As communicated previously in an update to campus, the compliance support plan for the UCR Security Toolset is phased. This means that initial secured access checks will restrict non-compliant devices from accessing a select number of UCR applications. Over time, more UCR applications will be subject to the secured access check. 
      • The initial list of UCR applications subject to the secured access check, and therefore inaccessible to non-compliant devices or persons who have not completed their required cybersecurity training, is currently being finalized and will be communicated by May 31, 2025.
    • ITS is working with campus leadership to finalize the secured access check rollout, which includes determining which applications will be subject to the check and when. Details will be shared as available.
  • Required Action: Devices managed by IT are already compliant. If you manage your own devices, you must install and run the security toolset if you plan to connect these devices to secure UCR resources. Guidance can be found on the security toolset webpage: its.ucr.edu/uc-security-toolset

Why is Action Necessary?

As the Provost, CIO, and CISO noted in their original joint letter to campus, cyber threats are a growing concern, posing significant risks to UCR’s research, teaching, financial data, and the personal information of our community. To safeguard our academic pursuits and university operations, it is imperative that we strengthen our security protocols across the UC system. Watch this video message from the Provost, which highlights why we must take action now. 

Resources and Support

A dedicated webpage is available with detailed information, resources, and FAQs. Please continue to refer to this page for ongoing updates: its.ucr.edu/cybersecurity-mandate-2025
