Important Action Needed for Enhanced Cybersecurity Requirements

May 05, 2025
Accounts and Access

Dear Colleagues:

Last year, the UC Office of the President (UCOP) issued a systemwide mandate to strengthen cybersecurity, aiming to protect institutional data and reduce the risk and impact of cyberattacks. All UC campuses are expected to meet cybersecurity requirements across six key areas by May 28, 2025, as part of a coordinated effort to fortify our digital environment and safeguard the broader UC community.

Thanks to your collaboration, and the strong partnership between Digital & Technology Solutions (DTS, formerly IT Services) and IT leaders across schools and units, UCLA has made meaningful progress toward meeting the UCOP requirements.

Building on this momentum, and with fewer than 30 days remaining before UCLA must enforce the UC policy, we need individual faculty and staff action to ensure all required cybersecurity measures are in place.

Your participation is essential — not only to ensure UCLA meets the UC systemwide mandate, but also to strengthen our cybersecurity capabilities and help protect the Bruin Community.

As part of this systemwide effort, changes to how you access UCLA applications will begin on June 1, 2025.

Please review the updates below to ensure you are prepared and do your part in helping UCLA meet these cybersecurity requirements.

What You Need to Know

Starting June 1, 2025, there will be important changes to how you access UCLA applications and systems including:

Access to most UCLA applications protected by Single Sign-On (SSO) will require completion of UC Cybersecurity Awareness training. Faculty and staff who have not completed the training and are overdue beyond 14-days, will experience disruptions logging into UCLA applications until it is completed.
Multi-Factor Authentication (MFA) will be required for accessing university email systems across all schools and units.

Access to select critical UCLA applications will require devices to complete a security check verifying installation of Trellix Endpoint Security through Duo Desktop. Duo Desktop will verify that Trellix is installed on your device before granting access to select critical UCLA applications.

Faculty and staff using these select critical UCLA applications must install Duo Desktop on their desktops and laptops, including any personal devices used for university business. Mobile devices are excluded.
- The initial application enforcement list will focus on high-risk applications that store, process, or transmit sensitive information.
Please reference the list of applications that will be required to pass this enhanced security check with Duo Desktop

Non-compliance with any component of the UC mandate may lead to:

Temporary loss of access to university systems and/or applications
Increased cybersecurity insurance premiums for your department
Financial penalties tied to cybersecurity incidents
Chancellor-level review for merit increases in non-compliant units

What to Do

Complete and/or verify completion of your UC Cybersecurity Awareness training by checking the UC Learning Center website
If you use any of the critical UCLA applications identified for the enhanced security check, you will need to install Duo Desktop on your device in addition to Trellix.
- If you do not have local administrator rights to install the Duo Desktop software, please contact your IT support desk directly to get more assistance
Reference this step-by-step video on the new Duo Desktop login and installation process which will check for Trellix as part of the authentication steps

Support and Resources

OCISO Support Site – Overview of the UCOP Cybersecurity mandate, policy details and more resources
Cybersecurity Awareness Training Resource Page – General information about the course, instructions on how to access it and answers to commonly asked questions about the requirement
Duo Desktop Resource Page – Support for Duo Desktop including a list of high-risk applications, an overview of the application and a step-by-step video on the new Duo Desktop login and installation process
Duo Desktop FAQ – Answers to commonly asked questions about Duo Desktop

If you have additional questions about the UCOP cybersecurity requirements or how these new policies will impact your ability to access critical UCLA applications after June 1, please contact the IT Support Center at (310) 267-HELP (4357) or email Help@it.ucla.edu

Thank you for your continued partnership in helping protect and strengthen UCLA’s systems and data.

Your actions will help UCLA fulfill its cybersecurity responsibilities and support a safer digital environment.

Sincerely,

Michael J. Beck
Administrative Vice Chancellor and Cyber-Risk Responsible Executive

Lucy Avetisyan
Associate Vice Chancellor and Chief Information Officer

What You Need to Know

What to Do

Support and Resources

Overleaf Licenses Now Available to UCLA Community

Action Required: New Logon Security Protocols to Access UCPath

Welcome to the Canva Design Platform

Over Quota Reminder

Permanent Baseline Quotas for UCLA Google Accounts Now in Effect