Thanks to the dedication and diligence of every employee, as of May 28, 2025, UCR has achieved 96% overall compliance with the UC Cybersecurity Mandate 2025. This is a significant milestone on our campus’ Security Investment Roadmap, and every Highlander's contribution has significantly bolstered UCR's cybersecurity and ensured we continue to meet critical UC-wide standards.
While this is an important milestone, cybersecurity is an evolving landscape. To stay ahead of the ever-changing cybersecurity landscape and keep our community secure, campus leadership anticipates that additional measures will be required in the future to maintain our robust security posture against emerging threats and request Highlanders’ continued attention and support of these critical efforts.
This article contains updates and reminders regarding UCR’s compliance support plan to ensure our campus continues to meet UC-wide cybersecurity standards.
Read Also: UCR's Plan to Ensure Compliance with UC Cybersecurity Mandate 2025
Device exemptions are only granted under rare and special circumstances. For example, an exemption may be possible for a device that cannot support the security toolset (e.g., certain scientific equipment, high-performance computing cluster, or sensitive research devices). Similarly, individuals with contingent or limited appointments may be exempt if the security toolset is not compatible with their home organization’s security policies.
To request an exemption, please fill out the Information Security Office consultation form in the IT service portal. Select “Other Risk Assessment” from the Category drop-down. Please also include the following information in the Short Description field:
The Information Security Office may reach out for additional information as it performs the risk assessment.
Even if a device is granted an exception, it must still be inventoried and have an ISO-approved security plan for how the device will be kept safe. Note that exceptions are rarely granted. No exceptions will be made for personal devices.
The UC Office of the President (UCOP) will hold a special seminar on June 10, 2025 at 12 PM to discuss the implementation of the Endpoint Detection & Recovery (EDR) tool and its potential impact on academic work. Details can be found at events.ucr.edu. Interested employees, particularly faculty members, are encouraged to attend.
Lastly, ITS added new dates to the UC Cybersecurity Mandate office hours that are open to all employees. Listed below is the new schedule. Details are available at events.ucr.edu.
Important: Campus communications are intended to address the general campus community but are not inclusive of all employees. ITS, Labor and Employee Relations (LER), and the Academic Personnel Office (APO) have been in contact with the Union Representatives of some represented employee groups.
Please review the toolset FAQs to see how these changes are being considered and implemented with respect to your employment contract. If you have any questions related to the changes, please reach out to your union representative to discuss.
Note: This article was updated on June 18, 2025.