The
UC President shared a
letter detailing cybersecurity requirements that every UC location is expected to achieve by May 2025, including 100% compliance with:
- Current
cybersecurity awareness training for all employees
(ability to login to most UCSD web applications will eventually be blocked until employees are in compliance with this)
- Timely escalation of
cybersecurity incident response in alignment with UC standards
-
Identification, tracking and
vulnerability management of all computing devices connected to university networks
-
Endpoint Detection & Response (EDR) software deployed on all compatible university computing devices
(ability to login to some UCI web applications and parts of the UCSD network will eventually require employee endpoints to be in compliance with this or be blocked)
-
Multi-factor authentication (MFA) enforced for all university email
(also prevent UCSD email delivery to non-UCSD systems)
- Data Loss Prevention (DLP) implemented for all health email systems (UCSD Health only)
UCSD is also including improvement of other cybersecurity metrics that get reported to the UC Regents into this effort, including endpoint
encryption and
IS-12 compliance with backups.
- Endpoint Encryption Requirements (ref: UC IS-3 Section 10.1 and UC Minimum Security Standard 4.4)
- Portable computing devices: must at least encrypt P3/P4 data at rest, always recommend full disk encryption
- Servers (physically secured): must encrypt P4 data at rest in all forms (files, database, etc)
- Backup Requirements (ref: UC IS-12 Sections 4.2 and 7.3.1, and UC Minimum Security Standard 4.8)
- IT Resources classified at Recovery Level 4 or 5 must have a tested backup or recovery system in the last 12 months
More implementation details will be shared with
Unit Information Security Leads (UISL) as the year progresses, and they will provide status updates on behalf of their Units.
Frequently Asked Questions
+ Expand All
These tools are designed to protect against cybersecurity threats. They focus on detecting unusual, malicious, or potentially harmful activity and not on monitoring personal information. The tools will collect data and metrics regarding the security posture of the device, and its installed software.
We have carefully selected tools that are lightweight and have minimal impact on device performance. It is worth noting that most devices used at UCSD already have EDR tools installed. For UCSD to be fully compliant the coverage of systems must expand fully across all campuses to strengthen security.
Settings on managed devices will be managed centrally to ensure optimal security. For any unmanaged devices, you will have some control over settings, but default configurations should be preserved for maximum protection and program compliance. Please note that devices which are noncompliance will result in the inability to access protected UCSD resources and applications.