Last Revised: Thu Sep 15 2022 13:00:09 GMT-0500 (Central Daylight Time)
Texas A&M University System members publish a security control catalog to implement organizational information security controls in a format that aligns with the Texas Security Control Standards Catalog, prescribed by Title 1 Texas Administrative Code § 202.76, Security Control Standards Catalog.
Texas A&M System Cybersecurity Standards provide system members with guidance that enhances State-level requirements for implementing security controls. These standards are prescribed by Texas A&M System Regulation 29.01.03, Information Security, paragraph 1.2.
This document is intended to be used as a supplement to Texas Security Control Standards Catalog Version 2.0, updated January 2022. It is recommended that system members read the Texas Security Control Standards Catalog and NIST Special Publication 800-53, Revision 5, in their entirety to understand the control selection and specification process.
The Texas A&M University System Office of Cybersecurity will review control standards each even-numbered year, following the Texas Department of Information Resources’ publishing of new statewide security control standards.
Prior to publishing new or revised standards, the System Office of Cybersecurity will solicit comments on new control standards from Chief Information Officers and (Chief) Information Security Officers at system members.
Control Standards Catalog
Security and privacy control standards described in this control standards catalog have a well-defined organization and structure. For ease of use in the security and privacy control selection and specification process, controls are organized into families (listed in the navigation menu to the left). Each family contains controls that are related to the specific topic of the family. A two-character identifier uniquely identifies each control family (e.g., PS for Personnel Security). Security and privacy controls may involve aspects of policy, oversight, supervision, manual processes, and automated mechanisms that are implemented by systems or actions by individuals.
To simplify the review of security control standards that are required by Texas DIR or the Texas A&M System, an abbreviated list of Required Security Controls and New Required Controls is provided along with the required implementation date established by Texas DIR or the Texas A&M System. All changes and new controls are also annotated with change bars to the right of the text.