UC Cybersecurity Mandate 2025

Take the UC Training

All UCR employees, including faculty, must complete and remain current on the UC Cyber Security Awareness Fundamentals training to ensure continued access to UCR applications and resources.  

Verify Your Identity

UCR employees must use multi-factor authentication (MFA) when accessing campus resources and heath email systems. Prepare for upcoming enhancements by downloading and using the Duo Mobile app.

Download the Security Toolset

To meet compliance, UCR employees must install and use three UCR-mandated security tools in order to connect a device to UCR's secure networks and cloud resources. These applications are not optional. 

Please note:  Additional campus enforcement measures may be needed to meet compliance. Guidance will be provided as soon as details are available. 

UCr Gold Line

​Top 5 Things to Know

  1.  All UC locations must comply with new information security requirements by May 2025, as mandated by the UC President at the direction of the UC Regents.

  2. These requirements apply to all UC employees, including faculty. UCOP has outlined enforcement measures. UCR-specific enforcement measures will be shared with campus once finalized.

  3. UCR is currently implementing its plan to meet these new requirements, which includes mandatory cybersecurity training, identity verification enhancements, and the use of industry-standard security tools.

  4. As part of this plan, all three applications in the UCR security toolset must be installed on all devices that connect to secure UCR networks and cloud resources. These applications are not optional. 

  5. UCR is actively working to inform all employees about the new security requirements and how to meet them (please continue to check this page for the most up-to-date information).

UCr Gold Line

UC President and Regents
Call UCR to Action

The development of a comprehensive information security program was already in motion at UCR, demonstrating the University's proactive commitment to safeguarding its valuable data and systems. However, the UC President's letter has introduced a renewed sense of urgency into the implementation of this program.

The letter's firm deadlines and potential consequences for non-compliance underscore the critical importance of cybersecurity in today's digital landscape. As such, the successful execution of UCR's security program now necessitates the active cooperation and participation of all faculty, staff, and students. As highlighted by the Provost, everyone plays a crucial role in maintaining a secure digital environment, and collective efforts are essential to protect our research and personal data, prevent cyberattacks, and ensure the continued success of the University's mission.

Select a tab below to view key takeaways from the letter and UCR's planned response:

The UC President's letter calls for all UC campuses to achieve key cybersecurity outcomes by May 28, 2025, to help protect sensitive data, maintain operational continuity, comply with regulations, and mitigate financial risks.
 

The UC President's letter explicitly states that all UCR units and employees, including faculty, must comply.

Note: Students are exempt unless they are administrative (non-academic) employees of the university.

As stated in the UC President's letter, campus consequences for non-compliance include:

  • 15% increase in cyber insurance premiums
  • Up to $500,000 in costs for security incidents
  • Merit increases for unit heads require Chancellor's approval
     

According to the the UC President's letter, all UC campuses are expected the achieve the following outcomes by May 28, 2025: 

  • Ensure 100% of faculty and staff complete cybersecurity awareness training
  • Ensure timely escalation of security incidents by adhering to UC incident response and cybersecurity escalation standards
  • Identify, track, and manage vulnerabilities of all devices that connect to campus resources
  • Deploy UC-approved Endpoint Detection and Recovery (EDR) software on 100% of assets
  • Deploy and configure multi-factor authentication (MFA) on 100% of campus and health email systems
  • Deploy and configure a robust Data Loss Prevention (DLP) solution for health email systems

UCR’s Information Security Office is responding to these requirements accordingly, with six projects that will achieve each of these outcomes.
 

UCR is currently implementing its plan to meet these new requirements, which includes the use of industry-standard security toolsets and best practices. The following campus enforcement measures apply to all UCR employees:

  • Timely completion of annual UC Cyber Security Awareness Fundamentals training to access UCR applications and resources 
  • Although already required to access most secure UCR resources, multi-factor authentication (MFA) is now required of anyone using campus and health email systems
    • Campus can also expect enhancements to the way users verify their identity when accessing secure resources, including the sunsetting of SMS and call options
  • Installation and use of the three UCR-mandated security tool applications* in order to connect a device to UCR's secure networks and cloud resources  
  • Additional enforcement measures (guidance will be provided as soon as details are available)

*These tools are provided to employees at no cost. Employees who use devices that are not managed by ITS or their local IT department will need to install the tools themselves. Please see the Secure Your Devices section below.

 

UCr Gold Line

Complete the UC Cyber Security Awareness Fundamentals training 

To maintain access to UCR applications and resources, all employees need to complete the UC Cyber Security Awareness Fundamentals training every year when prompted by the UC Learning Center (LMS). 

  • Timely completion of the mandatory annual Cybersecurity Training is crucial to your annual performance appraisal (employee evaluation), and noncompliance may impact your eligibility for a merit award. 
  • Supervisors are responsible for ensuring that all employees comply with their training requirements. 

     

UCr Gold Line

Verify Your Identity with the UCR Authentication Application

Use Duo Mobile, UCR's official MFA tool, to further secure your account when accessing UCR applications and resources. 

UCr Gold Line

Secure Your Devices

As part of UCR's plan to meet the new UCOP mandate, our campus policy now requires that three industry-standard security tools be installed and run on all devices that connect to secure UCR networks and cloud resources. All devices must be in compliance by May 28, 2025.        

UCr Gold Line

Security Investment Roadmap

Campus completion of UC Cyber Security Awareness Fundamentals training, identify verification enhancements, and use of the three UCR-mandated security tools are, collectively, an important first step in meeting the required cybersecurity outcomes. The campus can expect that additional measures will be implemented as UCR works to come into full compliance. 

We are committed to transparency throughout this process. Information about required actions and next steps will be communicated to campus on this webpage and, where possible, through other campus communication channels and forums, including webinars. Regular progress reports on our collective compliance will be provided to campus leadership, including deans, vice chancellors, the Vice Provost, the Provost, and other unit leaders and stakeholders. These reports will highlight our achievements and identify areas that require improvement.

UCR Secure Trust Program

While the UC Cybersecurity Mandate 2025 catalyzes immediate action, it's important to understand that UCR has already embarked on a journey to enhance its information security through the UCR Secure Trust program. This program is based on the Zero Trust security model, which prioritizes security at every layer of the technology stack, from network and device to user and application. The UCR Secure Trust program is built on five key pillars: Identity and Access Management (IAM), Managed Endpoints, Application Security, Network Segmentation, and Data Security. 

The UC mandate aligns with and reinforces the goals of the UCR Secure Trust program. While the mandate requires that specific actions be taken by a certain deadline, the UCR Secure Trust program provides a broader framework for continuous improvement and long-term cybersecurity resilience.

By combining the immediate actions required by the UC mandate with the comprehensive approach of the UCR Secure Trust program, we are confident in UCR’s ability to create a safer and more secure digital environment for our entire Highlander community.

UCR’s Information Security Office

The UC Riverside Information Security Office is here to inform and support UCR and its associated communities to improve UC Riverside’s information security posture. This will help the community securely generate, advance, disseminate, and apply data and knowledge as it pursues the UC mission of teaching, research, and public service.

UCr Gold Line

Frequently Asked Questions

UCr Gold Line

More Resources 

Let us help you with your search