Notice of Federally Prohibited Devices and Campus Compliance Plan

ITS will make a change to campus networking services on June 30, 2022, that will affect anyone attempting to make a wired connection to the UCR-secure network using a Federally restricted device. All University employees are responsible for conducting their work in accordance with the new campus NDAA 889 Compliance Plan.

UC Riverside is legally required to adhere to Section 889 of the 2019 National Defense Authorization Act (NDAA 889), which prohibits government contractors and grant recipients from using telecommunication and video surveillance services or equipment made by a limited set of manufacturers. In compliance with this Federal requirement and resulting UCOP guidance, the Chief Compliance Office (CCO) and Information Technology Solutions (ITS) have partnered to develop a compliance plan for campus. 

As part of this plan, ITS will make a change to campus networking services on June 30, 2022. This change will affect anyone attempting to make a wired connection to the UCR-secure network using a non-compliant device, as the connection will be denied. In other words, people will be unable to connect these devices physically (e.g., via Ethernet) to the UCR network. Non-compliant devices attempting to wirelessly connect to the UCR-secure network are automatically re-routed to a non-secure network. Together, these networking policies mean that the user of a non-compliant device is unable to access secure UCR data and systems from the UCR-secure network.

While ITS will conduct reasonable inquiries to identify suspect devices and remove network access as necessary, all University employees are responsible for conducting their work in accordance with the NDAA 889 Compliance Plan. Unit IT Directors and Unit Information Security Leads should ensure that their networks have received reasonable inquiries and that they work with ITS to identify suspect devices and remove access as necessary. Similarly, all campus units are prohibited from purchasing or contracting for non-compliant equipment or services. See UCR’s NDAA 889 Compliance Plan for more information about these campus obligations.

These efforts are required to ensure the University remains in compliance and maintains its Federal funding, as the US government believes these devices could pose a threat to national security. It is important to note that the prohibition on these devices applies to all University business and research activity, regardless of the funding source.

Please find campus resources below: 

Update: Please note that the original publication of the NDAA 889 Compliance Plan included specific scanning requirements for campus units that monitor their own network. This guidance has since been revised, as ITS will work with these units to conduct reasonable inquiries. 
