As shared in June, we have made incredible strides in meaningfully improving the security of our campus community, including achieving 96% overall compliance with requirements of the UC Cybersecurity Mandate.
This success means that the vast majority of you have already taken the required steps to complete your training and ensure your device is secured by the UCR security toolset. We are now ready to take the next step in our compliance support plan with the phased implementation of security compliance checks beginning September 30, 2025.
To support this transition, please be reminded of the following:
Security compliance checks refer to a verification process that ensures both the device and its user meet UC security standards before granting access to a secure UCR resource. These standards include:
All UCR employees and affiliates, with the exception of academic student employees, are subject to the UC Cybersecurity Mandate 2025 security requirements.
Note: retirees, emeriti, and certain affiliates are not subject to the cybersecurity training requirement but must use a secured device if accessing secure UCR resources.
Once the security compliance checks are implemented, individuals who have not taken the required steps to be compliant with training and/or secured device requirements will not be able to access secure UCR resources and applications. Instead, the individual will be prompted to take the action(s) needed to come into compliance.
| Timeline | Phase | Groups |
| September 30 | Phase 1 | Information Technology Solutions |
| October 1 - 15 | Testing & Phase 1 Hypercare | |
| October 16 | Phase 2 | Administrative units (includes Academic Senate, Intercollegiate Athletics, Palm Desert Center, UNEX) |
| October 17 - 20 | Phase 2 Hypercare | |
| October 21 - 23 | Phase 3 | |
| October 24 - 26 | Phase 3 Hypercare | |
| October 27 - 30 | Phase 4 | Schools and Colleges |
| October 31 | Phase 5 | Select remaining groups (includes Unit 18 Lecturers and non-active emeriti and retirees) |
| November 3 - November 7 | Phases 4 & 5 Hypercare | Schools, Colleges, and select remaining groups |
Please keep an eye out for information from your administrator, as ITS is notifying org administrators of their respective implementation dates.
Duo Desktop is the security check mechanism and was added to the August 2025 release of the UCR security toolset. As a result, Duo Desktop should have been automatically added to all devices that contain the toolset. If for any reason your device did not receive Duo Desktop, please follow the guidance contained in this knowledge article (note that you must be logged in with your UCR NetID credentials to view this protected article).
All UCR resources that require authentication using netID and password are considered secure resources and are therefore subject to the security compliance checks. However, the following secure resources are currently exempt and will remain accessible:
It is important to note that the list of resources excluded from compliance checks will be reevaluated as part of ongoing operations to determine whether any changes need to be made for security or user accessibility purposes. In the event of a change to this resource list, campus will be notified.