<div dir="ltr"><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">CITL Members, </p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">This email is to inform you of a new campus compliance plan
and an upcoming change to networking services taking place on May 2, 2022. </p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>Background</b></p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">UC Riverside is legally required to adhere to <a href="https://its.ucr.edu/cybersecurity/ndaa" style="color:rgb(5,99,193)">Section 889 of the 2019 National
Defense Authorization Act (NDAA 889)</a>, which prohibits the use of equipment made
by a <a href="https://smartpay.gsa.gov/ndaa-section-889" style="color:rgb(5,99,193)">limited set of
manufacturers</a>. In compliance with this Federal requirement and resulting <a href="https://researchmemos.ucop.edu/php-app/index.php/site/document?memo=UlBBQy0yMC0wNQ==&doc=3765" style="color:rgb(5,99,193)">UCOP
guidance</a>, the Chief Compliance Office (CCO) and Information Technology
Solutions (ITS) have partnered to develop a <a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" style="color:rgb(5,99,193)">compliance plan</a> for
campus.</p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>What is changing?</b></p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">The compliance plan includes a change to networking
services, taking place May 2, 2022. This change will affect anyone attempting
to make a wired connection to the UCR-secure network using a non-compliant
device, as the connection will be denied. </p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">The <a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" style="color:rgb(5,99,193)">compliance
plan</a> also outlines the roles and responsibilities of all campus units that
manage any aspect of the network and/or procure equipment and services. </p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Please <a href="https://its.ucr.edu/blog/ndaa" style="color:rgb(5,99,193)">refer to this
article</a> for more information about the changes taking place.</p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>How does this affect CITL?</b></p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Campus units that manage any aspect of the network are
required to adhere to the <a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" style="color:rgb(5,99,193)">campus compliance plan</a>,
which includes network scanning procedures to detect non-compliant devices and
remediation steps. Similarly, all campus units are prohibited from purchasing
or contracting for non-compliant equipment or services. </p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">It is important to note that the prohibition of these
devices applies to <i>all</i> University
business and research activity, regardless of the funding source. </p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>Where can I find
additional resources?</b></p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">For more information about NDAA 889, please refer to these
campus resources: </p>

<ul style="margin-top:0in;margin-bottom:0in" type="disc">
 <li class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" title="NDAA 889 Plan for UC Riverside" style="color:rgb(5,99,193)">Compliance Plan for Implementation
     of Section 889 of the National Defense Authorization Act (NDAA) for Fiscal
     Year 2019</a> </li>
 <li class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><a href="https://its.ucr.edu/cybersecurity/ndaa" title="NDAA 889 - UCR" style="color:rgb(5,99,193)">Information
     about NDAA 889, including a list of prohibited manufacturers</a> </li>
 <li class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" title="NDAA 889 Guidance for Campus Units" style="color:rgb(5,99,193)">NDAA 889 guidance for campus
     units</a>  </li>
</ul>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Thank you for your attention to this matter, </p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Kiersten Boyce<br>
Associate Vice Chancellor and Chief Compliance Officer<br>
Chief Compliance Office</p>

<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Dewight Kramer <br>
Chief Information Security Officer <br>
Information Technology Solutions </p></div>