Guide: Verified Access
Verified Access is an enhanced security measure required for devices that access certain UC Santa Cruz systems and servers, in accordance with cybersecurity requirements set by the UC Office of the President.
Need help with Verified Access?
Search the knowledge base for answers to common questions, or contact the IT Service Desk for support.
What is Verified Access?
In a nutshell
Verified Access ensures that computers connect securely to university data and systems, as mandated by UC system-wide requirements.
How does Verified Access work?
Beginning May 27, 2025, computers that connect to systems protected by Verified Access are required to have a security bundle installed including device management tools, virtual private network (VPN), and device authentication software. This requirement applies the Campus Virtual Private Network (VPN) and when using a physical (or ethernet) port to connect.
More about the security bundle
Does my computer need to be Verified Access compliant?
If you need to connect to certain UCSC systems or servers (login), UC policy requires that the computer you access them from meet specific security requirements. Generally, if you use the Campus VPN to access a system, your computer needs to be Verified Access compliant.
If you have an ITS-managed computer, the security bundle has already been installed for you. If not, use the Verified Access status and setup tool below to download and install the security bundle.
How to set up Verified Access
Use the lookup tool to check if your computer is already Verified Access compliant. If not, follow the next steps provided by the to install and setup the security bundle.
Exceptions from Verified Access
If you need to use a computer for university business that cannot run the UC Santa Cruz Security Bundle, you may request a security exception. These requests will be reviewed by the Office of the UC Santa Cruz Chief Information Security Officer. If you’re unsure whether an exception is necessary, please submit a security exception request and the Information Security Team will follow up with guidance.
Background
In 2024, University of California leadership notified UC locations of requirements for updated information security investment plans (see President Drake’s letter), including requirements for how devices must connect securely to university networks, including:
- Multi-factor Authentication (MFA): Deploy, enable, and configure multi-factor authentication (MFA) on 100 percent of campus and health email systems in conformance with established UC MFA configuration standards.
- Endpoint Detection and Response (EDR): Deploy and manage UC-approved Endpoint Detection and Response (EDR) software on 100 percent of assets defined by UC EDR deployment standards.
- Computing Device Identification & Management: Ensure identification, tracking, and vulnerability management of all computing devices connected to university networks.
Learn more about UC Santa Cruz’s approach to the UC cybersecurity mandate: Project: UC Information Security Investment Plan