Download the UC-Mandated Security Toolset
Faculty and staff who manage their own devices are required to manually download the security toolset to install it on any device they use to connect to secure UCR networks and cloud resources. Installing the toolset on a personal device is not required, however, it should be noted that any device not running the toolset will be prohibited from accessing secure UCR resources. In-person IT support is available Monday through Friday, 8:30am to 8:30pm, at the IT Support Services stations located at the Tomás Rivera Library, Orbach Science Library, and Student Success Center.
It's Easy to Ensure Compliance with Secured Device Services (SDS)
SDS ensures that your department meets compliance by providing vulnerability monitoring and remediation, virus protection, and asset management. As part of UCR's security investment roadmap, campus leadership has called on all units to move to SDS to improve the university's security posture. In the meantime, it is required that faculty and staff who manage their own devices install and use the security toolset.
UC-Mandated Tools to Access Secure Campus Resources
UCR has identified industry-standard security tools known for their effectiveness in helping organizations identify and manage vulnerabilities, mitigate risks, and respond swiftly to events by monitoring systems for signs of cyber threats, as well as keep track of vital data. The UCR security toolset provides even more robust security services for university-managed devices, such as delivering automatic updates and maintaining the health of the devices.
As part of UCR's plan to meet the new UC Cybersecurity Mandate, our campus policy now requires that the applications in the UCR security toolset be installed and run on all devices that connect to secure UCR networks and cloud resources. All devices must be in compliance by May 28, 2025.
Security Outcomes Addressed by These Tools
Tools to Protect Your Work and Preserve Your Legacy
Imagine our collective University data – research findings, financial records, sensitive personal information – as priceless works of art and historical artifacts housed within the Smithsonian. This vast collection represents the heart and soul of our institution, a treasure trove of knowledge, innovation, and individual contributions to our shared legacy.
Much like the Smithsonian’s sprawling complex of museums, UCR’s colleges, schools, departments, and administrative units house important artifacts that require preservation and protection from theft, damage, and unauthorized access. To protect these invaluable assets, a multi-layered approach is employed. View the cards below to explore this approach:
Vulnerability Management, Detection, and Response (VMDR)
The Architects
↓
Endpoint Management (EM)
The Environmental Controls
↓
Endpoint Detection and Response (EDR)
The Security System
↓
William Kidder
Campus Privacy Officer
-
Why are these security tools necessary?
Universities are among the most targeted entities by Nation States and other bad actors, and their attempts to attack us are becoming more sophisticated and frequent. Each tool in the UCR security toolset serves a unique and important purpose. Together, these tools provide an additional layer of protection for our University data and systems and, importantly, your sensitive personal and financial information.
-
Do I need all of the tools in the UCR Security Toolset?
Yes, each tool is crucial in fulfilling UC's security requirements. To learn about the role of each tool, please refer to the "UCR Security Toolset Purpose and Use" whitepaper. Note that, as with all sensitive university information, you must be logged in with your UCR NetID in order to view this document.
-
What types of operating system and hardware are compatible with the UCR Security Toolset?
Please visit the UCR Security Toolset download page to learn the minimum device requirements.
-
Do I need to have the security toolset on my personal laptop if I use it on campus to connect to the UCR Wi-Fi network?
No, currently the campus network (i.e., connecting to the internet via LAN or WiFi) is not considered a secure UCR resource. Highlanders can connect via LAN or WiFi to the campus network. Whether on or off the campus network, when employees attempt to log into a secure UCR resource, such as an application, the user credentials will be checked for compliance with the mandatory UC Cyber Security Awareness Fundamentals training and the device will be checked to ensure that it is running the UCR Security Toolset before access to the secure resource is granted.
As a reminder, university devices should be used to perform university work (with the exception of UCR email and calendar). It is not recommended that employees use personal devices, however, if a faculty members wants to use a personal laptop/computer to access a secure UCR resource, the toolset must be running on that device in order for access to the secure UCR resource to be granted.
-
What information is the security toolset collecting and who can see it?
To learn more about the UCR-mandated security toolset, please read the UCR Security Toolset Whitepaper (UCR login required to access the document).
-
Will ITS or any of the tools monitor my personal activity, emails, or browsing history?
These tools are designed to protect against cybersecurity threats. They focus on detecting unusual, malicious, or potentially harmful activity and not on monitoring personal information.
The security tools are not designed to read your email content. Their purpose is to protect your device and university data, not to monitor personal communications. To learn more, please read the UCR Security Toolset whitepaper. In the event that a potential threat is detected, the ITS Information Security Office is required to investigate while adhering to strict UC and campus privacy policies, including the UC Electronic Communications Policy.
-
Will these security tools slow down my device or interfere with my work?
We've carefully selected tools that are lightweight and have minimal impact on device performance. It is worth noting that these tools are not new. UCR currently utilizes these tools but now must expand coverage across campus to strengthen security. If you experience any issues, please submit an IT ticket.
-
Will I be able to control the settings or disable these security tools if needed?
Settings on IT-managed devices will be managed centrally to ensure optimal security. For personal devices, you will have some control over settings and can uninstall the toolset at any time. However, default configurations should be preserved for maximum protection and program compliance. Please note that, upon attempting to access a secure UCR resource, the device will be checked to ensure that the UCR Security Toolset applications are running. If the device check reports that the tools are not active on the device, the user will be prompted to install and/or run the tools. Access to the secure UCR resource will not be granted until the device security compliance check confirms that the device is secured by the tools in the toolset.
-
What happens if a threat is detected?
The tools will alert the ITS Information Security Office. UCR’s security professionals will then take appropriate action to investigate and mitigate the threat while adhering to strict UC and campus privacy policies and industry-standard operating procedures. Read more about the UCR Information Security Office (ISO) Incident Response Plan in the ITS Knowledge Base. Note that you must be logged into ServiceNow with your UCR credentials in order to access this guidance.
-
What happens if I try to access secure UCR resources with a device that is not secured by the UCR Security Toolset?
Upon attempting to access a secure UCR resource, the device will be automatically checked to ensure that the UCR Security Toolset applications are running. If the device check reports that the tools are not active on the device, the user will be prompted to install and/or run the tools. Access to the secure UCR resource will not be granted until the device security compliance check confirms that the device is secured by the tools in the toolset.
It is also important to note that access to a secure UCR resource may be denied in the event that the employee is not current on their required annual UC Cybersecurity Training. In this case, even if the toolset is running on the device, access will not be granted until the user completes their mandatory training. In this case, the employee should receive a message prompting them to complete the training when they are denied access to the resource.
-
How can I confirm that I have successfully installed the UCR security toolset on my device?
The "Checking a Device for the UCR Security Toolset" IT knowledge article provides guidance that will help you check if the UCR Security Toolset is installed on a Windows or Mac device. Note that you need to log in to the IT Service Center to view the article (learn how).
-
How can I report download and installation issues with the UCR security toolset?
You may submit a ticket to BearHelp and select the Category "Desktop/Laptop Services" and the Subcategory "Software Issue" in the form.
-
What is the difference between managed and non-managed devices?
Managed devices refer to devices (e.g., desktops, laptops, smartphones, and tablets) that are managed, secured, and maintained either by ITS (including Secured Device Services) or by local UCR IT departments. Non-managed devices are managed and maintained by individuals with no administrative support from IT.
-
How do I know if my department is a member of Secured Device Services?
View the list of departments that are part of ITS Secured Device Services in the IT Knowledge Base.
-
I am a Unit 18 Lecturer. How can I obtain a university-issued device?
In partnership with the Provost, ITS is standing up a Lecturer Device Program for Local Unit 18 Lecturers. ITS will work to finalize the program over summer to support a Fall 2025 implementation. In the interim, Unit 18 Lecturers who need access to a secured device to perform university work between June and September can fill out a Hardware Request form in the IT service portal (note: select the Request Type of “Equipment Loan (UC-AFT Unit 18 Faculty Only)".
It should be noted that the devices are owned by the university and are assigned to the employee on an employment basis. The employee may request an equipment extension or refresh, as needed. Additional information and details about the device program will be provided as soon as this information becomes available.
Please note that academic personnel who are not Unit 18 Lecturers should work either with their local administrators or the Academic Personnel Office (APO) to request a university-issued device.
-
Are personal devices, such as BYOD, included in the mandate?
It is not required that the UCR Security Toolset be installed on personal devices. It is required that any device being used to access secure UCR resources be secured with the tools in the toolset. If an employee chooses to use a personal device to access secure UCR resources, yes, the toolset must be installed and running on the device. Mobile devices (phones and some tablets*) are not currently subject to the same requirements.
Please note that the Provost has stated that university devices should be used to perform university work. All staff members are expected to use their university-issued devices. Faculty who do not currently have a university-issued device are asked to work with their department administrator or contact the Academic Personnel Office to obtain one. In partnership with the Provost, ITS is standing up a Lecturer Device Program for Local 18 to issue university devices to these lecturers beginning Fall 2025. Local 18 Lecturers are asked to work with their CFAOs to submit a request to ITS if a device is needed over summer.
*Note: Microsoft Surface Tablets require installation and use of the security tools.
-
Are mobile devices included in the mandate? Are Chromebooks included in the mandate?
No, mobile devices such as phones and tablets* and Chromebooks (even if they are university-issued) are not subject to the same requirements as computers and laptops under the mandate.
That said, it is still crucial to secure your mobile devices to protect your data. To safeguard your data, utilize complex passwords or biometric authentication, maintain up-to-date software, and exercise caution when using public Wi-Fi for sensitive activities. Be sure to remain vigilant against phishing attempts and establish regular data backup routines. For more information about best practices, refer to Mobile Security Guidance.
*Note: Microsoft Surface Tablets require installation and use of the security tools.
-
Are visiting scholars required to have the UCR security toolset on their computers, laptops, or Microsoft Surface tablets?
Visiting scholars are only required to have the UCR security toolset on their device if they intend to or need to access secure UCR resources. They do not need to have the security toolset to access the EDUROAM and UCR-GUEST WiFi networks.
-
What happens if I don't follow the mandate?
The UC President's letter outlines the campus consequences of non-compliance. In an effort to mitigate these consequences, UCR’s security plan employs additional consequences, which include, but are not limited to, restricted access to sensitive campus resources (such as online service applications). These measures are necessary to help ensure the safety and security of both the UCR community and our larger UC community.
-
What is the UC Cybersecurity Mandate and where can I learn more about it?
The UC President has called for all UC campuses to achieve key cybersecurity outcomes by May 28, 2025, to help protect sensitive data, maintain operational continuity, comply with regulations, and mitigate financial risks. To learn more about the UC Cybersecurity Mandate, visit the dedicated UC Cybersecurity Mandate 2025 webpage.