[Ucrea] Upcoming IT security changes require the attention of emeriti and retirees
Cristina Otegui
cristina.otegui at ucr.edu
Thu Sep 4 17:23:33 PDT 2025
*[image: A blue text on a white background AI-generated content may be
incorrect.]*
*September 4, 2025*
To:
UCR Emeriti and Retirees
From:
Central HR Retirement Center on Behalf of Information Technology Solutions
(ITS)
Re:
*Upcoming IT security changes require the attention of emeriti and retirees*
Please read the communication below from ITS sharing the upcoming IT
security changes as it relates to emeriti and retirees. Please note the
exception list as many of the services commonly used such as accessing UCR
email, calendar, online library resources, UCR Zoom, and R'Space will
remain accessible without downloading the security toolset. While access to
these services does not require a security download at this time, ITS has
shared that this exception list could be subject to change in the future.
Colleagues,
Thanks to the high overall compliance rate we achieved on the UC
Cybersecurity Mandate, UC Riverside is moving forward with the next steps
in our compliance support plan
<https://insideucr.ucr.edu/announcements/2025/06/05/updates-ucrs-plan-ensure-compliance-uc-cybersecurity-mandate-2025>
(see
previous compliance support plan updates from March 24
<https://insideucr.ucr.edu/announcements/2025/03/24/how-ucr-complying-uc-cybersecurity-mandate>
and May 19, 2025
<https://insideucr.ucr.edu/announcements/2025/05/19/ucrs-plan-comply-uc-cybersecurity-mandate>).
Outlined below are updates on the compliance support plan and its timeline.
Secured Access Checks
The university will implement security compliance checks for emeriti and
retirees starting on October 31, 2025. Security compliance checks refer to
a verification process that ensures both the device and user meet UC
security standards <https://its.ucr.edu/cybersecurity-mandate-2025> before
granting access to a secure UCR resource. These standards include:
-
The user who is attempting to gain access has completed their annual UC
Cyber Security Awareness Fundamentals training
-
The device attempting to gain access is running the UCR Security Toolset
Note: Emeriti and retirees are not subject to the cybersecurity training
requirement.
What This Means for You
If you have the UCR security toolset installed on your device, no further
action is required on your part (departments that are part of the SDS
program
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012086>
already have the UCR security toolset on their device).
Once the security compliance checks are in place, emeriti and retirees who
do not have the UCR security toolset installed will be asked to download
the toolset <https://its.ucr.edu/uc-security-toolset> to come into
compliance. Any device (whether university-issued or personal) that is used
to access secure UCR resources (i.e., applications or systems that require
authentication via UCR NetID credentials) needs to have the UCR security
toolset installed on or before October 31, 2025.
Non-compliance with the UC security standards will result in the inability
to access secure UCR resources. However, the following secure resources are
currently exempt and will remain accessible:
-
Zoom
-
Slack
-
Office 365
-
Google Workspace
-
ServiceNow
-
Canvas
-
UC Learning Center
-
Virtual Private Network (VPN)
-
Community-facing UCR Library services
Please note that the list of resources excluded from compliance checks will
be reevaluated as part of ongoing operations to determine whether any
changes need to be made for security or user accessibility purposes. In the
event of a change to this resource list, campus will be notified.
Also note that additional compliance measures may be required and guidance
will be provided as details are available.
UCR’s Security Verification Mechanism: Duo Desktop
In preparation for the implementation of the security compliance checks,
the UCR security toolset has been upgraded to Version 1.2
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?tab=t.0#heading=h.aiwuilnn557y>,
which includes the deployment of Duo Desktop to all devices that contain
the toolset.
On August 21, 2025, emeriti and retirees who have the UCR security toolset
installed automatically received the upgrade, which includes Duo Desktop.
Duo Desktop is an application that is part of Duo, UCR’s identity security
provider. As previously communicated in our May 19, 2025 update
<https://insideucr.ucr.edu/announcements/2025/05/19/ucrs-plan-comply-uc-cybersecurity-mandate>,
UCR upgraded its Duo service to leverage Duo Desktop as the mechanism for
verifying that both the device and user meet UC security standards before
granting access to secure UCR resources.
Information about the application and its cybersecurity benefits, data
collection <https://help.duo.com/s/article/5566?language=en_US>, and use as
a verification mechanism, as well as its planned deployment and management,
can be found in the UCR Security Toolset Whitepaper
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?usp=sharing>
.
To learn more about the upgraded UCR security toolset, please read the FAQs:
UCR Security Toolset Version 1.2 Release
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012322>
(UCR login required). If you have any questions or concerns, you are
encouraged to join the UC Cybersecurity Mandate office hours with ITS. You
will find the updated schedule at events.ucr.edu
<https://events.ucr.edu/event/uc-cybersecurity-mandate-office-hours-with-its>
.
Sincerely,
Matthew Gunkel
Chief Information Officer and Associate Vice Chancellor
Dewight F. Kramer
Chief Information Security Officer
Read the UCR Security Toolset Upgrade FAQs
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012322>
Other Security Considerations: Upgrade Required as Microsoft Windows 10 No
Longer Supported
Please be reminded
<https://insideucr.ucr.edu/announcements/2025/02/11/upgrade-required-microsoft-windows-10-no-longer-supported>
that Microsoft will end support for Windows 10 on October 14, 2025. This
means that devices running Windows 10 after October 14 will no longer
receive crucial security updates, increasing their vulnerability to cyber
threats. If you use a device that is running Windows 10 you will need to
take action before the deadline to maintain optimal security and comply with UC
security standards <https://its.ucr.edu/cybersecurity-mandate-2025>.
For more information and detailed guidance on the steps you need to take,
please reference the ITS Blog article
<https://its.ucr.edu/blog/2025/02/05/upgrade-required-microsoft-windows-10-no-longer-supported>
.
Guidance
Resources
Read the UCR Security Toolset Purpose and Use whitepaper
<https://docs.google.com/document/d/1R9d0zK7M-4o-YsihgjZSXB-KuqooxjSJuTmzruI0AB4/edit?usp=sharing>
.
Find answers to FAQs about MFA <https://its.ucr.edu/mfa#faq> and the security
toolset <https://its.ucr.edu/uc-security-toolset#security-toolset-faq>.
UC-wide Mandate
All UC campuses are called to comply to help protect sensitive data,
maintain operational continuity, comply with regulations, and mitigate
financial risks associated with cyber attacks.
Read the Letter <https://its.ucr.edu/uc-presidents-letter>
Support
-
Review the toolset information and guidance
<https://its.ucr.edu/uc-security-toolset>
-
Report an issue with installation
<https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&sys_id=d10c39ee0f348300138942bce1050e8b>
-
Get help in person by visiting an IT Support station in the libraries or
SSC
-
Attend the next virtual office hour with ITS
<https://events.ucr.edu/event/uc-cybersecurity-mandate-office-hours-with-its>
Download the UCR Security Toolset <http://endpointinventory.ucr.edu/home>
Installation guides are available for Windows
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012265>
and MacOS
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012269>
users.
Learn More
The security toolset is required for any device that is used to connect to
secure UCR networks and cloud resources, including personal devices. These
devices include computers, laptops, and Microsoft Surface tablets (learn
what’s not included
<https://its.ucr.edu/uc-security-toolset#are-mobile-devices-included-in>).
[image: image]
Reason for Change: UC Cybersecurity Mandate 2025
These changes are part of UCR's plan to better protect our community and
comply with a new UC systemwide mandate.
Learn About the Mandate <https://its.ucr.edu/cybersecurity-mandate-2025>
[image: image]
Video: Message from the Provost
Watch this video message from Provost Watkins to learn why UCR is
strengthening MFA, along with other key steps we must take to keep our
Highlander community safe.
Watch on YouTube <https://www.youtube.com/watch?v=8-bMZddr-Bc>
Need IT help? Submit a support ticket at its.ucr.edu/help
Information Technology Solutions
Computing & Communications Building
900 University Ave.
Riverside, CA 92521
951-827-4848 | its.ucr.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucr.edu/pipermail/ucrea/attachments/20250904/63dc2524/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 604736 bytes
Desc: not available
URL: <https://lists.ucr.edu/pipermail/ucrea/attachments/20250904/63dc2524/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/jpeg
Size: 361433 bytes
Desc: not available
URL: <https://lists.ucr.edu/pipermail/ucrea/attachments/20250904/63dc2524/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.jpeg
Type: image/jpeg
Size: 2744 bytes
Desc: not available
URL: <https://lists.ucr.edu/pipermail/ucrea/attachments/20250904/63dc2524/attachment-0001.jpeg>
More information about the Ucrea
mailing list