Texas A&M University System Cybersecurity Standards


Texas A&M University System members publish a security control catalog to implement organizational information security controls in a format that aligns with the Texas Security Control Standards Catalog, prescribed by Title 1 Texas Administrative Code § 202.76, Security Control Standards Catalog.1

Texas A&M System Cybersecurity Standards (the control standards catalog and related guidelines) provide system members with guidance that enhances State-level requirements for implementing security controls. These standards are prescribed by Texas A&M System Regulation 29.01.03, Information Security,2 paragraph 1.2.

This document is intended to be used as a supplement to Texas Security Control Standards Catalog Version 2.1, updated May 2023.3 It is recommended that system members read the Texas Security Control Standards Catalog and NIST Special Publication 800-53, Revision 5,4 in their entirety to understand the control selection and specification process.


The Texas A&M University System Office of Cybersecurity will review control standards each even-numbered year and immediately following any mid-cycle updates of statewide security control standards.

Prior to publishing new or revised standards, the System Office of Cybersecurity will solicit comments on new control standards from Chief Information and Information Security Officers at system members.

Control Standards Catalog

Security and privacy control standards described in this control standards catalog have a well-defined organization and structure. For ease of use in the security and privacy control selection and specification process, controls are organized into families (listed in the navigation menu to the left). Each family contains controls that are related to the specific topic of the family. A two-character identifier uniquely identifies each control family (e.g., PS for Personnel Security). Security and privacy controls may involve aspects of policy, oversight, supervision, manual processes, and automated mechanisms that are implemented by systems or actions by individuals.

To simplify the review of security control standards that are required by Texas DIR or the Texas A&M System, an abbreviated list of Required Security Controls and New Required Controls is provided along with the required implementation date established by Texas DIR or the Texas A&M System.