[RITL] Notice of Federally Prohibited Devices and Campus Compliance Plan

UCR Information Technology Solutions its at ucr.edu
Tue Mar 29 12:54:38 PDT 2022


RITL Members,

This email is to inform you of a new campus compliance plan and an upcoming
change to networking services taking place on May 2, 2022.

*Background*

UC Riverside is legally required to adhere to Section 889 of the 2019
National Defense Authorization Act (NDAA 889)
<https://its.ucr.edu/cybersecurity/ndaa>, which prohibits the use of
equipment made by a limited set of manufacturers
<https://smartpay.gsa.gov/ndaa-section-889>. In compliance with this
Federal requirement and resulting UCOP guidance
<https://researchmemos.ucop.edu/php-app/index.php/site/document?memo=UlBBQy0yMC0wNQ==&doc=3765>,
the Chief Compliance Office (CCO) and Information Technology Solutions
(ITS) have partnered to develop a compliance plan
<https://its.ucr.edu/cybersecurity/ndaa/guidance> for campus.

*What is changing?*

The compliance plan includes a change to networking services, taking place
May 2, 2022. This change will affect anyone attempting to make a wired
connection to the UCR-secure network using a non-compliant device, as the
connection will be denied.

The compliance plan <https://its.ucr.edu/cybersecurity/ndaa/guidance> also
outlines the responsibilities of all campus units that manage any aspect of
the network and/or procure equipment and services.

Please refer to this article <https://its.ucr.edu/blog/ndaa> for more
information about the changes taking place.

*How does this affect RITL?*

The prohibition of these devices will impact anyone currently using them,
which likely includes some researchers (among others). As of May 2, 2022,
network connection will be denied to any non-compliant device attempting a
*wired* connection (e.g., via ethernet cable) to the UCR-secure network.
Non-compliant devices attempting to *wirelessly* connect to the UCR-secure
network are already automatically re-routed to a non-secure network.
Together, these networking policies mean that the user of a non-compliant
device is unable to access secure campus resources.

It is important to note that the prohibition of these devices applies to
*all* University business and research activity, regardless of the funding
source. Please refer to the compliance plan
<https://its.ucr.edu/cybersecurity/ndaa/guidance> for guidance on roles and
responsibilities.

*Where can I find additional resources?*

For more information about NDAA 889, please refer to these campus
resources:

   - Compliance Plan for Implementation of Section 889 of the National
   Defense Authorization Act (NDAA) for Fiscal Year 2019
   <https://its.ucr.edu/cybersecurity/ndaa/guidance>
   - Information about NDAA 889, including a list of prohibited
   manufacturers <https://its.ucr.edu/cybersecurity/ndaa>
   - NDAA 889 guidance for campus units
   <https://its.ucr.edu/cybersecurity/ndaa/guidance>

Thank you for your attention to this matter,

Kiersten Boyce
Associate Vice Chancellor and Chief Compliance Officer
Chief Compliance Office

Dewight Kramer
Chief Information Security Officer
Information Technology Solutions