General Questions
What are the biggest challenges faced by the ProtectUs: Cybersecurity System-wide Initiative at UC Merced?
The two biggest challenges are around the technical requirements to satisfy the mandate and to ensure that changes are well communicated and coordinated with the campus community.
How confident is OIT that the requirements of the mandate will be met by the deadline? Are there challenges that make this seem uncertain?
The long and short of it is that it's not a matter of "will complete", but "must complete". OIT is feeling confident that we will meet the requirements set by the mandate by the deadline, but there is always a level of uncertainty with a project this big and complex.
Has testing of these changes already begun?
Yes. OIT has "proof of concept" services running in private lab environments. There is no plan at this time to have public testing, but if we do, we'll reach out to those who have signed up on our interest form.
What can campus partners and vendors do to help with the ProtectUs mandate effort(s)?
The main thing we're asking for is engagement. We'll be sending out lots of information and reaching out to us directly or through the feedback form with your thoughts and/or concerns will be very helpful in ensuring we are correctly anticipating as many use cases as possible. If there was ever a project where "it takes a village" applied, it is this one.
With ProtectUs becoming a big part of campus moving forward, are their new jobs being created to help monitor and maintain these systems?
Yes, through the 2024 Budget Call, OIT was award additional funding to support ProtectUs and part of those funds are going to a new position on campus.
Will all students be required to complete the Cybersecurity training?
No. At this time, the mandate only requires that student employees complete the training. There are discussion at the systemwide level to see if "cyber citizen" or "cyber hygiene" training can be made available to the broader campus communities. We'll share more information if it becomes available and/or if it would have the same impact on non-employed students.
Will any of the outcomes from this mandate impact the costs to PIs?
No. We are not anticipating any individual costs as a part of meeting the mandate. That said, if you want confirmation about potential costs or impacts, please reach out via our feedback form.
Will there be any downtime associated with these changes?
Definitely. When we anticipate that a change will impact the campus community, we will share that information ahead of time.
How will this change the way I sign in?
What does the completion status of my mandatory cybersecurity change about accessing services secured with Singe Sign-On (SSO)?
• If you have completed your training or your training is not overdue, nothing changes and you'll be able to access all services secured with SSO without issue.
• If you have not completed your training, beginning 14 days before it is due, you will be remided to complete your training but will otherwise be able to access services secured with SSO.
• If you are overdue on your training, you will be alerted to this when you next login. You'll be directed to where you can go complete the training immediately or request a 24-hour extension.
What happens when I request a 24-hour extension?
This is a self help feature. As soon as you request the 24-hour extension, you will regain full access to all services secured with SSO for the next 24-hours. After that time, you will no longer be able to access any services secured using SSO. An email will be sent to you, your supervisor, and the Information Security team to notify and confirm the extension was granted.
Will I really lose access to all services if I am deliquent on my mandatory cybersecurity training? Are there exceptions?
Yes and the only current exceptions are: UC Learning Center, TRS, and CatCourses.
How will using Duo (2FA) with shared service accounts be different from my personal account?
We'll have detailed knowledge articles about this soon. Broadly, instead of receiving a push notification to authorize Duo using a 4 digit code, you will need to instead open the Duo app on your devices and enter the 6-digit code that is presented.
I became an alumni before Duo (2FA) was released to the campus. What will happen to my account?
Essentially, you will now need to use the Duo app from a mobile device if you ever need to access your UC Merced accounts after this enhancement is enabled. You can read about the current Duo implementation here.
Will this change the way I sign into public stations or the computer labs?
We're not anticipating any changes at this time. We'll share more information should that change.
How will this change the way I connect to the network?
Will I have to do anything different to connect to wifi?
Other than making sure you successfully authenticate to eduroam, nothing will change about how you connect to wifi.
Will I have to do anything different to connect to the network with a cable?
Once our Network Access Control (NAC) enhancements are deployed, you will be required to authenticate your connection much like you do with wifi.
Will anything else happen when I connect to wired or wireless network(s)?
Yes. All devices will now under go a vulnerability scan to ensure they are running the most current version of an operating system and that it doesn't have any known vulnerabilities.
What will happen if my device is not up to date or has a vulnerability?
The network will alert you to this issue and then place you on a special network that will only allow you to access the internet until such time the device is updated and/or the vulnerability remediated.
How will this change the way I purchase devices?
My department receives donated technology, what can we do to ensure these devices are compliant?
We'll have guidance on how to ensure these devices are compliant. At this time, we can confirm that these devices will be treated as "University Owned Devices" for the purposes of the mandate.
How will this change the way I use devices for school and work?
Will my current computer needed to be wiped clean and redone?
While this is possible, we'll have more information and guidance on this in the future.
For remote employees, how will the anti-virus (EDR) software be installed?
Self help documentation will be made available to help those without anti-virus installed accomplish this. Additionally, you can make an appointment with the OIT Service Desk to have them remote into your computer and assist with the installation.
What antivirus (EDR) application will we be using?
At this time, UCOP has provided Trellix HX as the application to support the EDR part of the mandate. We have been made aware that UCOP is re-evaluating which application they will support going forward. Unfortunately, this decision will not be made before the mandate deadline of May 2025. That in mind, we will be installing the Trellix HX application to meet the mandate and in the future replace it when a new one is selected.
Can I install the existing antivirus on my own?
Sure! You can find the latest instructions here.
Will devices running macOS be required to run the EDR software?
Yes. The mandate stipulates that all university owned devices must have EDR software installed. Our current antivirus solution already supports macOS.
Will devices running Linux be required to run the EDR software?
Yes. The mandate stipulates that all university owned devices must have EDR software installed. We'll have more information and details on this specific operating system later.
Will I lose administrator access to my computer?
This is not a part of the mandate and, if anything, the EDR requirement helps ensure that we can continue to provide administrator level access to your devices.
Don't See Your Question?
If you have a general question or feedback to share about ProtectUs, please use this form to let us know.
