Dear Colleagues:
Last year, the UC Office of the President (UCOP) issued a systemwide mandate to strengthen cybersecurity, aiming to protect institutional data and reduce the risk and impact of cyberattacks. All UC campuses are expected to meet cybersecurity requirements across six key areas by May 28, 2025, as part of a coordinated effort to fortify our digital environment and safeguard the broader UC community.
Thanks to your collaboration, and the strong partnership between Digital & Technology Solutions (DTS, formerly IT Services) and IT leaders across schools and units, UCLA has made meaningful progress toward meeting the UCOP requirements.
Building on this momentum, and with fewer than 30 days remaining before UCLA must enforce the UC policy, we need individual faculty and staff action to ensure all required cybersecurity measures are in place.
Your participation is essential — not only to ensure UCLA meets the UC systemwide mandate, but also to strengthen our cybersecurity capabilities and help protect the Bruin Community.
As part of this systemwide effort, changes to how you access UCLA applications will begin on June 1, 2025.
Please review the updates below to ensure you are prepared and do your part in helping UCLA meet these cybersecurity requirements.
What You Need to Know
Starting June 1, 2025, there will be important changes to how you access UCLA applications and systems including:
- Access to most UCLA applications protected by Single Sign-On (SSO) will require completion of UC Cybersecurity Awareness training. Faculty and staff who have not completed the training and are overdue beyond 14-days, will experience disruptions logging into UCLA applications until it is completed.
- Multi-Factor Authentication (MFA) will be required for accessing university email systems across all schools and units.
Access to select critical UCLA applications will require devices to complete a security check verifying installation of Trellix Endpoint Security through Duo Desktop. Duo Desktop will verify that Trellix is installed on your device before granting access to select critical UCLA applications.
- Faculty and staff using these select critical UCLA applications must install Duo Desktop on their desktops and laptops, including any personal devices used for university business. Mobile devices are excluded.
- The initial application enforcement list will focus on high-risk applications that store, process, or transmit sensitive information.
- Please reference the list of applications that will be required to pass this enhanced security check with Duo Desktop
Non-compliance with any component of the UC mandate may lead to:
- Temporary loss of access to university systems and/or applications
- Increased cybersecurity insurance premiums for your department
- Financial penalties tied to cybersecurity incidents
- Chancellor-level review for merit increases in non-compliant units
What to Do
- Complete and/or verify completion of your UC Cybersecurity Awareness training by checking the UC Learning Center website
- If you use any of the critical UCLA applications identified for the enhanced security check, you will need to install Duo Desktop on your device in addition to Trellix.
- If you do not have local administrator rights to install the Duo Desktop software, please contact your IT support desk directly to get more assistance
- Reference this step-by-step video on the new Duo Desktop login and installation process which will check for Trellix as part of the authentication steps
Support and Resources
- OCISO Support Site – Overview of the UCOP Cybersecurity mandate, policy details and more resources
- Cybersecurity Awareness Training Resource Page – General information about the course, instructions on how to access it and answers to commonly asked questions about the requirement
- Duo Desktop Resource Page – Support for Duo Desktop including a list of high-risk applications, an overview of the application and a step-by-step video on the new Duo Desktop login and installation process
- Duo Desktop FAQ – Answers to commonly asked questions about Duo Desktop
If you have additional questions about the UCOP cybersecurity requirements or how these new policies will impact your ability to access critical UCLA applications after June 1, please contact the IT Support Center at (310) 267-HELP (4357) or email Help@it.ucla.edu
Thank you for your continued partnership in helping protect and strengthen UCLA’s systems and data.
Your actions will help UCLA fulfill its cybersecurity responsibilities and support a safer digital environment.
Sincerely,
Michael J. Beck
Administrative Vice Chancellor and Cyber-Risk Responsible Executive
Lucy Avetisyan
Associate Vice Chancellor and Chief Information Officer