Download the UC-Mandated Security Toolset
UC-Mandated Tools to Access Secure Campus Resources
UCR has identified three industry-standard security tools known for their effectiveness in helping organizations identify and manage vulnerabilities, mitigate risks, and respond swiftly to events by monitoring systems for signs of cyber threats, as well as keep track of vital data. The UCR security toolset provides even more robust security services for university-managed devices, such as delivering automatic updates and maintaining the health of the devices.
As part of UCR's plan to meet the new UC Cybersecurity Mandate, our campus policy now requires that the three applications in the UCR security toolset be installed and run on all devices that connect to secure UCR networks and cloud resources. All devices must be in compliance by May 28, 2025.
Security Outcomes Addressed by These Tools
Tools to Protect Your Work and Preserve Your Legacy
Imagine our collective University data – research findings, financial records, sensitive personal information – as priceless works of art and historical artifacts housed within the Smithsonian. This vast collection represents the heart and soul of our institution, a treasure trove of knowledge, innovation, and individual contributions to our shared legacy.
Much like the Smithsonian’s sprawling complex of museums, UCR’s colleges, schools, departments, and administrative units house important artifacts that require preservation and protection from theft, damage, and unauthorized access. To protect these invaluable assets, a multi-layered approach is employed. View the cards below to explore this approach:
It's Easy to Ensure Compliance with Secured Device Services (SDS)
SDS ensures that your department meets compliance by providing vulnerability monitoring and remediation, virus protection, and asset management. Campus leadership has called for all units to move to SDS. In the meantime, it is required that those who manage their own devices install and use the security toolset.
-
Will these tools monitor my personal activity, emails, or browsing history?
These tools are designed to protect against cybersecurity threats. They focus on detecting unusual, malicious, or potentially harmful activity and not on monitoring personal information.
-
Will these tools slow down my device or interfere with my work?
We've carefully selected tools that are lightweight and have minimal impact on device performance. It is worth noting that these tools are not new. UCR currently utilizes these tools but now must expand coverage across campus to strengthen security. If you experience any issues, please submit an IT ticket.
-
Will I be able to control the settings or disable these tools if needed?
Settings on IT-managed devices will be managed centrally to ensure optimal security. For personal devices, you will have some control over settings, but default configurations should be preserved for maximum protection and program compliance. Please note that noncompliance will result in the inability to access secure UCR resources and applications.
-
Why are these tools necessary?
Universities are among the most targeted entities by Nation States and other bad actors, and their attempts to attack us are becoming more sophisticated and frequent. Each tool in the UCR security toolset serves a unique and important purpose. Together, these tools provide an additional layer of protection for our University data and systems and, importantly, your sensitive personal and financial information.
-
What happens if a threat is detected?
The tools will alert the ITS Information Security Office. UCR’s security professionals will then take appropriate action to investigate and mitigate the threat while adhering to strict UC and campus privacy policies and industry-standard operating procedures.
-
Do I need all three tools?
Yes, each tool is crucial in fulfilling UC's security requirements. To learn about the role of each tool, please refer to the “Tools to Protect Your Work and Preserve Your Legacy” section.
-
Will ITS or any of the tools be able to read my email?
The security tools are not designed to read your email content. Their purpose is to protect your device and university data, not to monitor personal communications. In the event that a potential threat is detected, the ITS Information Security Office is required to investigate while adhering to strict UC and campus privacy policies, including the UC Electronic Communications Policy.
-
Are personal devices, such as BYOD, included in the mandate?
Yes, the security tools must be installed on personal devices if the user wishes to connect to secure UCR resources and applications that hold sensitive institutional data. Mobile devices (phones and some tablets) are not currently subject to the same requirements.
-
Are mobile devices included in the mandate?
No, mobile devices such as phones and tablets* are not subject to the same requirements as computers and laptops under the mandate.
That said, it is still crucial to secure your mobile devices to protect your data. To safeguard your data, utilize complex passwords or biometric authentication, maintain up-to-date software, and exercise caution when using public Wi-Fi for sensitive activities. Be sure to remain vigilant against phishing attempts and establish regular data backup routines. For more information about best practices, refer to Mobile Security Guidance.
*Note: Microsoft Surface Tablets require installation and use of the security tools.
-
What happens if I don't follow the mandate?
The UC President's letter outlines the campus consequences of non-compliance. In an effort to mitigate these consequences, UCR’s security plan employs additional consequences, which include, but are not limited to, restricted access to campus resources (such as networks, WiFi, and online service applications). These measures are necessary to help ensure the safety and security of both the UCR community and our larger UC community.
-
What is the UC Cybersecurity Mandate and where can I learn more about it?
The UC President has called for all UC campuses to achieve key cybersecurity outcomes by May 28, 2025, to help protect sensitive data, maintain operational continuity, comply with regulations, and mitigate financial risks. To learn more about the UC Cybersecurity Mandate, visit the dedicated UC Cybersecurity Mandate 2025 webpage.