​Top 5 Things to Know

1.  All UC locations must comply with new information security requirements by May 2025, as mandated by the UC President at the direction of the UC Regents.

2. These requirements apply to all UC employees, including faculty. UCOP has outlined enforcement measures. UCR-specific enforcement measures will be shared with campus once finalized.

3. UCR is currently implementing its plan to meet these new requirements, which includes mandatory cybersecurity training, identity verification enhancements, and the use of industry-standard security tools.

4. As part of this plan, all three applications in the UCR security toolset must be installed on all devices that connect to secure UCR networks and cloud resources. These applications are not optional. To facilitate compliance, the Provost has called for all units to move to ITS' Secured Device Services by May 23, 2025.  

5. UCR is actively working to inform all employees about the new security requirements and how to meet them (please continue to check this page for the most up-to-date information).

Security Investment Roadmap

Campus completion of UC Cyber Security Awareness Fundamentals training, identify verification enhancements, and use of the three UCR-mandated security tools are, collectively, an important first step in meeting the required cybersecurity outcomes. The campus can expect that additional measures will be implemented as UCR works to come into full compliance. 

We are committed to transparency throughout this process. Information about required actions and next steps will be communicated to campus on this webpage and, where possible, through other campus communication channels and forums, including webinars. Regular progress reports on our collective compliance will be provided to campus leadership, including deans, vice chancellors, the Vice Provost, the Provost, and other unit leaders and stakeholders. These reports will highlight our achievements and identify areas that require improvement.

UCR Secure Trust Program

While the UC Cybersecurity Mandate 2025 catalyzes immediate action, it's important to understand that UCR has already embarked on a journey to enhance its information security through the UCR Secure Trust program. This program is based on the Zero Trust security model, which prioritizes security at every layer of the technology stack, from network and device to user and application. The UCR Secure Trust program is built on five key pillars: Identity and Access Management (IAM), Managed Endpoints, Application Security, Network Segmentation, and Data Security. 

The UC mandate aligns with and reinforces the goals of the UCR Secure Trust program. While the mandate requires that specific actions be taken by a certain deadline, the UCR Secure Trust program provides a broader framework for continuous improvement and long-term cybersecurity resilience.

By combining the immediate actions required by the UC mandate with the comprehensive approach of the UCR Secure Trust program, we are confident in UCR’s ability to create a safer and more secure digital environment for our entire Highlander community.

UCR’s Information Security Office

The UC Riverside Information Security Office is here to inform and support UCR and its associated communities to improve UC Riverside’s information security posture. This will help the community securely generate, advance, disseminate, and apply data and knowledge as it pursues the UC mission of teaching, research, and public service.