Note: The Cybersecurity Baseline is expected to be issued summer 2026 with an effective date at the end of December. See this webpage for more information about the rule.
Anyone with access to university IT resources, including students, faculty, staff and third-party entities, must comply with RUL 08.00.20 – Cybersecurity Baseline. The rule sets campuswide baseline controls that must be met to protect university data and IT resources.
This article will help campus users better understand their responsibility in following the rule.
It is important for employees to understand how this rule impacts their personal devices. If you use a personal device for university business, your device must meet these controls. Opting for university-owned and managed devices over personal ones can help ensure you are complying with this rule.
Protecting university data is a shared responsibility. Annual Data Security Training is important to ensure campus users understand their role. Per the Cybersecurity Baseline, anyone with a university account who is not strictly a student is required to complete the training.
See Identity and Authentication Rule: Guidance for Campus Users for more information.
If you think a cybersecurity incident has occurred, report it immediately.
Install device and app updates as soon as possible. Turn on automatic updates to make it even easier. These updates protect from bugs and vulnerabilities.