ITS Logo
Important Information About Telecommuting during COVID-19

UC Cybersecurity Mandate 2025

5 Things to Know about the UC System-Wide Cybersecurity Mandate

  1. All UC locations, including UCI and UCI Health, must comply with new information security requirements by May 2025.
  2. These requirements apply to all UCI-wide employees, including faculty. UCOP has outlined enforcement measures. UCI Health specific enforcement measures will be shared as they become available.
  3. Information Technology Services (ITS), in collaboration with The Office of Information Technology (OIT) are working together on a UCI-specific action plan for these new requirements. Updates will be added to this page as more information becomes available.
  4. Requirements of the UC-wide cybersecurity mandate include mandatory information security training and the use of advanced security protection software on university-owned devices. The full list of requirements is available below.
  5. Benefits of the new cybersecurity mandate include:
    • Proactive, collaborative planning across UC campuses
    • Better protection for university digital infrastructure and data, including UCI and UCI Health
    • Stronger cybersecurity posture for each individual campus
    • Enhanced risk mitigation strategies

Read President Drake’s Letter

(HS Login Required)

The New UC System-Wide Cybersecurity Mandate

6 Requirements for a Stronger Cybersecurity Posture

The new mandate requires all campuses to meet six key cybersecurity requirements by May 2025.

1. Cybersecurity Awareness Training

“Ensure cybersecurity awareness training for 100 percent of location employees.”

(HS Login Required)

4. Endpoint Detection & Response (EDR)

“Deploy and manage UC-approved Endpoint Detection and Response (EDR) software on 100 percent of assets defined by UC EDR deployment standards.”

2. Cyber Incident Escalation Response

“Ensure timely cyber escalation of incidents in alignment with UC Incident response and cybersecurity escalation standards.”

5. Multi-Factor Authentication (MFA)

“Deploy, enable, and configure multi-factor authentication (MFA) on 100 percent of campus and health email systems in conformance with established UC MFA configuration standards.”

3. Computing Device Identification & Management

“Ensure identification, tracking, and vulnerability management of all computing devices connected to university networks.”

6. Data Loss Prevention (DLP) for Health Email Systems

“Deploy and configure a robust DLP solution for all health email systems to mitigate unauthorized data exfiltration.”