Acceptable Use of the Internet Policy (PDF | 765 KB)
The Acceptable Use of the Internet Guidelines are intended to assist
state agencies and institutions of higher education compliance with the
provisions of the Texas Administrative Code (TAC), Chapter 202 Information
Security Standards and Executive Order (RP58) Relating to peer-to-peer
Control Standards Catalog (PDF | 1.78 MB)
The Control Standards Catalog was initiated by DIR to help state
agencies and higher education institutions implement security controls. It
specifies the minimum information security requirements that state
organizations must employ to provide the appropriate level of security relevant
to level of risk.
Control Crosswalk (XLSX | 1 MB)
The Control Crosswalk maps TAC §202 to industry standards, regulatory requirements, and compliance mandates. It is meant to relate the controls specified in Revised TAC §202 to other requirements that agencies and higher education institutions may have for protecting information and information systems.
Cloud Services Guide (PDF | 631 PDF)
Resources and information for when considering cloud services.
Cybersecurity Terms & Definitions (DOCX | 35KB)
Common cybersecurity terms and definitions.
Cybersecurity Tip Sheet (PDF | 140 KB)
General tips for online cybersecurity.
Data Classification Guide (DOCX | 67KB)
Data Classification Template (XLSX | 77 KB)
Data classification is the basis for identifying an initial baseline set of security controls for information and information systems, which provides numerous benefits. First and foremost, data classification makes making security decisions more efficient for employees, data owners, and IT staff, because it instantly identifies and communicates the level of protection required for any piece of data as well as the audience that may view it.
Data Use Agreement Policy (DOCX | 30 KB)
Data Use Agreement FAQ (PDF | 104 KB)
The 84th Legislative Session passed Senate Bill 1877 which requires "Each state agency [to] develop a data use agreement for use by the agency that meets the particular needs of the agency and is consistent with rules adopted by the department [of information resources] that relate to information security standards for state agencies."
DoD Identity Awareness, Protection, and Management Guide (PDF | 4.91 MB)
US Department of Defense guidance for managing online identity and responding to identity theft.
Domain Name Management Policy (PDF | 673)
Guidance Regarding Internet Domain Management.
Doxxing & SWAT-ing Guide (PDF | 151 KB)
Guidance and suggestions for handling doxxing and SWAT-ing events.
Incident Response Guide & Templates (PDF | 800 KB)
The Incident Response is intended to be a framework for organizations in creating their own incident response plans and procedures and should be completed and modified to meet the business needs of the organization.
Information Resources Employees Continuing Education Guidelines for Cybersecurity (PDF | 385 KB)
HB 8, 85(R) required DIR to develop continuing education guidelines for
information resources employees regarding cybersecurity. The following
guidelines were developed to assist agencies and institutions of higher
education with ensuring their IR staff have the education and awareness to help
protect their organizations.
PC Life Cycle Guidelines (DOCX | 121 KB)
Guidelines for establishing PC Life Cycles.
Sale or Transfer of Computers & Software Guide (PDF | 127 KB)
This guideline is intended to supplement existing policies and procedures on the sale and transfer of surplus and salvaged equipment.
SANS Information Security Policy Templates
Repository of example information security policies and policy templates.
Software Currency Policy Template (DOCX | 41 KB)
Policy template to reduce the use of unsupported software and reduce vulnerabilities in state systems.
Provisions for linking to state websites and privacy policies.
Teleworking Tips (PDF | 138 KB)
Information and guidance for secure teleworking.
Vendor Alignment Template (XLSX | 102 KB)
Tool that enables vendors of security products and services to align their offerings to the Texas Cybersecurity Framework.
Videoconferencing Guidelines (PDF | 317 KB)
Technical and operational standards for hosting videoconference meetings.
Virtual Collaboration Tools Security Tips (PDF | 216 KB)
DIR's recommendations for cybersecurity when using virtual collaboration tools.
Zoom Security Guidelines (PDF | 174 KB)
Guidance and suggestions on the use of Zoom and other virtual collaboration tools.