[Ucrea] UC Cybersecurity Mandate: Secure Access Checks Begin December 1

Cristina Otegui cristina.otegui at ucr.edu
Mon Nov 24 09:27:32 PST 2025 

[image: A close-up of a sign Description automatically generated]



November 24, 2025

To:

UCR Emeriti & Retirees

From:

Central HR Retirement Center on Behalf of UCR Information Technology
Solutions (ITS)

Re:

UC Cybersecurity Mandate: Secure Access Checks Begin December 1

Please read the communication below from ITS sharing the upcoming IT
security changes as it relates to emeriti and retirees. As noted in
October, the exception list includes many services commonly used by emeriti
and retirees—such as UCR email, calendar, online library resources, UCR
Zoom, and R'Space—which will remain accessible without downloading the
security toolset. While access to these services does not require security
access checks at this time, ITS has shared that this exception list could
be subject to change in the future for security or user accessibility
purposes.


[image: image]
On December 1, 2025, UC Riverside will begin the phased rollout of secure
access checks for emeriti and retirees.

Dear Colleague,

In line with our UC Cybersecurity Mandate compliance support plan
<https://its.ucr.edu/blog/2025/09/12/uc-cybersecurity-mandate-2025-compliance-support-plan-updates>,
UC Riverside will begin the phased rollout of secure access checks for
emeriti and retirees on December 1, 2025. This phased approach allows ITS
to provide focused support for your group to help ensure minimal disruption
to your work.
Secure Access Checks: Reminder of What to Expect

Once the secure access checks are implemented, individuals who have not
taken the required steps to be compliant with user authentication and
secured device requirements will not be able to access secure UCR resources
<https://its.ucr.edu/blog/2025/09/12/uc-cybersecurity-mandate-2025-compliance-support-plan-updates>
and applications. Instead, the individual will be prompted to take the
action(s) needed to come into compliance. Once the secure access check is
able to verify that the user and their device meet the UC standards, the
individual will be able to access secure campus resources.
Please Revisit the Checklist

Below is a checklist that you can review to make sure you are compliant
with the security requirements:

   1.

   Use Multi-Factor Authentication (MFA): While you are already required to
   use MFA in order to access secure resources, you are encouraged to set up
   more than one authentication method. Learn more at its.ucr.edu/mfa.
   2.

   Use the UCR Security Toolset: If you manage your own device, visit
   its.ucr.edu/uc-security-toolset to download and install the UCR Security
   Toolset if you have not already done so (note that university-managed
   devices already contain the toolset).
   -

      Duo Desktop is the security check mechanism and it was added to
the August
      2025 release
      <https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?usp=sharing>
      of the UCR security toolset. As a result, Duo Desktop should have been
      automatically added to all devices that contain the toolset. If for any
      reason your device did not receive Duo Desktop, please follow the
      guidance contained in this knowledge article
      <https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012281&sys_kb_id=62a1d127477ae210c85323c4116d434a#Download_19042719>
      .
      -

      If you are using a non-managed
      <https://its.ucr.edu/uc-security-toolset#what-is-the-difference-between>
      (i.e., no administrative support from IT) Mac laptop or computer
to perform
      university work, please follow the instructions in this knowledge
      article
      <https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012337>
      to manually allow your device to run the required version of the UCR
      Security Toolset by November 30, 2025.


Note: Emeriti and retirees are not subject to the cybersecurity training
requirement.

For detailed information regarding secure access checks, including what
they are, the schedule for the phased implementation, and which secure UCR
resources are exempt, please refer to the ITS blog
<https://its.ucr.edu/blog/2025/09/12/uc-cybersecurity-mandate-2025-compliance-support-plan-updates>
.


Sincerely,

Matthew Gunkel

Chief Information Officer and Associate Vice Chancellor

Dewight F. Kramer

Chief Information Security Officer

Information Technology Solutions



Information Technology Solutions

Computing & Communications Building

900 University Ave.

Riverside, CA 92521

951-827-4848 | its.ucr.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucr.edu/pipermail/ucrea/attachments/20251124/7aca6e70/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 40409 bytes
Desc: not available
URL: <https://lists.ucr.edu/pipermail/ucrea/attachments/20251124/7aca6e70/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 18977 bytes
Desc: not available
URL: <https://lists.ucr.edu/pipermail/ucrea/attachments/20251124/7aca6e70/attachment-0003.png>

More information about the Ucrea mailing list