
<div dir="ltr"><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">RITL, </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">This email is to remind you of the campus NDAA 889

Compliance Plan and the upcoming change to networking services, now taking

place on <b>June 30, 2022</b>. </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>Background</b></p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">UC Riverside is legally required to adhere to <a href="https://its.ucr.edu/cybersecurity/ndaa" style="color:rgb(5,99,193)">Section 889 of the 2019 National

Defense Authorization Act (NDAA 889)</a>, which prohibits the use of equipment made

by a <a href="https://smartpay.gsa.gov/ndaa-section-889" style="color:rgb(5,99,193)">limited set of

manufacturers</a>. In compliance with this Federal requirement and resulting <a href="https://researchmemos.ucop.edu/php-app/index.php/site/document?memo=UlBBQy0yMC0wNQ==&doc=3765" style="color:rgb(5,99,193)">UCOP

guidance</a>, the Chief Compliance Office (CCO) and Information Technology

Solutions (ITS) have partnered to develop a <a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" style="color:rgb(5,99,193)">compliance plan</a> for

campus.</p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>What is changing?</b></p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">The compliance plan includes a change to networking

services, taking place June 30, 2022. This change will affect anyone attempting

to make a wired connection to the UCR-secure network using a non-compliant

device, as the connection will be denied. </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Please note that the original publication of the NDAA 889

Compliance Plan included specific scanning requirements for campus units that

monitor their own network. This guidance has since been revised, as ITS will

work with these units to conduct reasonable inquiries. </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Please <a href="https://its.ucr.edu/blog/ndaa" style="color:rgb(5,99,193)">refer to this

article</a> for more information about the changes taking place.</p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>How does this affect RITL?</b></p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">The prohibition of these devices will impact anyone

currently using them, which likely includes researchers and graduate students

(among others). The impact will be that people will be unable to connect these

devices physically (e.g., via ethernet) to the UCR network.  </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">It is important to note that the prohibition of these

devices applies to <i>all</i> University

business and research activity, regardless of the funding source. Please refer

to the <a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" style="color:rgb(5,99,193)">compliance

plan</a> for guidance on roles and responsibilities.</p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>Where can I find

additional resources?</b></p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">For more information about NDAA 889, please refer to these

campus resources: </p>


<ul style="margin-top:0in;margin-bottom:0in" type="disc">

 <li class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><a href="https://its.ucr.edu/sites/g/files/rcwecm321/files/2022-02/NDAA%20889%20Compliance%20Plan%2001-22.pdf" title="NDAA 889 Plan for UC Riverside" style="color:rgb(5,99,193)">Compliance Plan for Implementation

     of Section 889 of the National Defense Authorization Act (NDAA) for Fiscal

     Year 2019</a> </li>

 <li class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><a href="https://its.ucr.edu/cybersecurity/ndaa" title="NDAA 889 - UCR" style="color:rgb(5,99,193)">Information

     about NDAA 889, including a list of prohibited manufacturers</a> </li>

</ul>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Thank you for your attention to this matter, </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Kiersten Boyce<br>

Associate Vice Chancellor and Chief Compliance Officer<br>

Chief Compliance Office</p>


<span style="font-size:11pt;line-height:107%;font-family:Calibri,sans-serif">Dewight Kramer <br>

Chief Information Security Officer <br>

Information Technology Solutions </span><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Mar 29, 2022 at 12:54 PM UCR Information Technology Solutions <<a href="mailto:its@ucr.edu">its@ucr.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">RITL Members, </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">This email is to inform you of a new campus compliance plan

and an upcoming change to networking services taking place on May 2, 2022. </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>Background</b></p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">UC Riverside is legally required to adhere to <a href="https://its.ucr.edu/cybersecurity/ndaa" style="color:rgb(5,99,193)" target="_blank">Section 889 of the 2019 National

Defense Authorization Act (NDAA 889)</a>, which prohibits the use of equipment made

by a <a href="https://smartpay.gsa.gov/ndaa-section-889" style="color:rgb(5,99,193)" target="_blank">limited set of

manufacturers</a>. In compliance with this Federal requirement and resulting <a href="https://researchmemos.ucop.edu/php-app/index.php/site/document?memo=UlBBQy0yMC0wNQ==&doc=3765" style="color:rgb(5,99,193)" target="_blank">UCOP

guidance</a>, the Chief Compliance Office (CCO) and Information Technology

Solutions (ITS) have partnered to develop a <a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" style="color:rgb(5,99,193)" target="_blank">compliance plan</a> for

campus.</p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>What is changing?</b></p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">The compliance plan includes a change to networking

services, taking place May 2, 2022. This change will affect anyone attempting

to make a wired connection to the UCR-secure network using a non-compliant

device, as the connection will be denied. </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">The <a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" style="color:rgb(5,99,193)" target="_blank">compliance

plan</a> also outlines the responsibilities of all campus units that manage any

aspect of the network and/or procure equipment and services. </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Please <a href="https://its.ucr.edu/blog/ndaa" style="color:rgb(5,99,193)" target="_blank">refer to this

article</a> for more information about the changes taking place.</p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>How does this affect RITL?</b></p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">The prohibition of these devices will impact anyone

currently using them, which likely includes some researchers (among

others). As of May 2, 2022, network connection will be denied to any

non-compliant device attempting a <i>wired</i>

connection (e.g., via ethernet cable) to the UCR-secure network. Non-compliant

devices attempting to <i>wirelessly</i>

connect to the UCR-secure network are already automatically re-routed to a

non-secure network. Together, these networking policies mean that the user of a

non-compliant device is unable to access secure campus resources. </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">It is important to note that the prohibition of these

devices applies to <i>all</i> University

business and research activity, regardless of the funding source. Please refer

to the <a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" style="color:rgb(5,99,193)" target="_blank">compliance

plan</a> for guidance on roles and responsibilities.</p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><b>Where can I find

additional resources?</b></p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">For more information about NDAA 889, please refer to these

campus resources: </p>


<ul style="margin-top:0in;margin-bottom:0in" type="disc">

 <li class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" title="NDAA 889 Plan for UC Riverside" style="color:rgb(5,99,193)" target="_blank">Compliance Plan for Implementation

     of Section 889 of the National Defense Authorization Act (NDAA) for Fiscal

     Year 2019</a> </li>

 <li class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><a href="https://its.ucr.edu/cybersecurity/ndaa" title="NDAA 889 - UCR" style="color:rgb(5,99,193)" target="_blank">Information

     about NDAA 889, including a list of prohibited manufacturers</a> </li>

 <li class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif"><a href="https://its.ucr.edu/cybersecurity/ndaa/guidance" title="NDAA 889 Guidance for Campus Units" style="color:rgb(5,99,193)" target="_blank">NDAA 889 guidance for campus

     units</a>  </li>

</ul>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Thank you for your attention to this matter, </p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Kiersten Boyce<br>

Associate Vice Chancellor and Chief Compliance Officer<br>

Chief Compliance Office</p>


<p class="MsoNormal" style="margin:0in 0in 8pt;line-height:107%;font-size:11pt;font-family:Calibri,sans-serif">Dewight Kramer <br>

Chief Information Security Officer <br>

Information Technology Solutions </p></div>

</blockquote></div>