On May 28, 2025, UC Riverside successfully met its information security goals for the UC Cybersecurity Mandate 2025. While this is an important milestone, cybersecurity is an evolving landscape. Campus leadership anticipates that additional measures will be required in the future to maintain our robust security posture against emerging threats and request Highlanders’ continued attention and support of these critical efforts.

This article contains updates and reminders regarding UCR’s compliance support plan to ensure our campus continues to meet UC-wide cybersecurity standards.

Read Also: UCR's Plan to Ensure Compliance with UC Cybersecurity Mandate 2025

Compliance Plan Updates

Training Validation and Secured Access Checks Targeted to Commence in August 2025

• To help ensure a smooth transition for all as UCR enters the enforcement phase, campus leadership has adjusted the compliance support plan timeline. The implementation of training validation and secured device access checks when trying to access secure UCR applications is targeted to commence in August 2025.
• As a reminder, once these compliance measures are implemented, employees who have not taken the required steps to be compliant with training and/or secured device requirements will not be able to access secure UCR resources and applications. 

Exemption Process for The Security Toolset Requirement

Device exemptions are only granted under rare and special circumstances. For example, an exemption may be possible for a device that cannot support the security toolset (e.g., certain scientific equipment, high-performance computing cluster, or sensitive research devices). Similarly, individuals with contingent or limited appointments may be exempt if the security toolset is not compatible with their home organization’s security policies.

To request an exemption, please fill out the Information Security Office consultation form in the IT service portal. Select “Other Risk Assessment” from the Category drop-down. Please also include the following information in the Short Description field:

1. Briefly describe the exception you’re seeking and the justification for it
2. Name of the device (learn how to find it on an Apple device or Windows device)
3. MAC address of the device (learn how to find it)
4. Which UCR resources you access with the device

The Information Security Office may reach out for additional information as it performs the risk assessment.

Even if a device is granted an exception, it must still be inventoried and have an ISO-approved security plan for how the device will be kept safe. Note that exceptions are rarely granted. No exceptions will be made for personal devices.

UCOP Webinar and Office Hour Sessions

The UC Office of the President (UCOP) will hold a special seminar on June 10, 2025 at 12 PM to discuss the implementation of the Endpoint Detection & Recovery (EDR) tool and its potential impact on academic work. Details can be found at events.ucr.edu. Interested employees, particularly faculty members, are encouraged to attend.

Lastly, ITS added new dates to the UC Cybersecurity Mandate office hours that are open to all employees. Listed below is the new schedule. Details are available at events.ucr.edu.

• July 2, 2025 at 1:00 PM 
• July 30, 2025 at 1:00 PM 
• September 3, 2025 at 1:00 PM 
• October 10, 2025 at 10:00 AM 
• November 6, 2025 at 2:00 PM 
• December 9, 2025 at 11:00 AM

Important: Campus communications are intended to address the general campus community but are not inclusive of all employees. ITS, Labor and Employee Relations (LER), and the Academic Personnel Office (APO) have been in contact with the Union Representatives of some represented employee groups.

Please review the toolset FAQs to see how these changes are being considered and implemented with respect to your employment contract. If you have any questions related to the changes, please reach out to your union representative to discuss.