Texas DIR and Texas A&M System Required Controls

Control ID Title TxDIR Required By TAMUS Required By

Access Control

AC-1

Policy and Procedures

2023-07-20

AC-2

Account Management

2023-07-20

AC-2(7)

Privileged User Accounts

2022-08-01

AC-3

Access Enforcement

2023-01-20

AC-3(7)

Role-based Access Control

2022-08-01

AC-5

Separation of Duties

2023-07-20

AC-6

Least Privilege

2023-07-20

AC-7

Unsuccessful Logon Attempts

2023-07-20

AC-8

System Use Notification

2023-01-20

2022-08-01

AC-14

Permitted Actions Without Identification or Authentication

2023-01-20

AC-17

Remote Access

2023-07-20

AC-18

Wireless Access

2023-07-20

AC-19

Access Control for Mobile Devices

2023-07-20

AC-20

Use of External Systems

2023-07-20

AC-22

Publicly Accessible Content

2023-01-20

2022-08-01

Awareness and Training

AT-1

Policy and Procedures

2023-07-20

AT-2

Literacy Training and Awareness

2023-07-20

AT-3

Role-based Training

2023-07-20

AT-4

Training Records

2023-07-20

Audit and Accountability

AU-1

Policy and Procedures

2023-07-20

AU-2

Event Logging

2023-07-20

AU-3

Content of Audit Records

2023-01-20

AU-4

Audit Log Storage Capacity

2023-07-20

AU-5

Response to Audit Logging Process Failures

2023-07-20

AU-6

Audit Record Review, Analysis, and Reporting

2023-07-20

AU-8

Time Stamps

2023-01-20

AU-9

Protection of Audit Information

2023-07-20

AU-11

Audit Record Retention

2023-07-20

AU-12

Audit Record Generation

2023-07-20

Assessment, Authorization, and Monitoring

CA-1

Policy and Procedures

2023-07-20

CA-2

Control Assessments

2023-07-20

CA-3

Information Exchange

2023-07-20

CA-5

Plan of Action and Milestones

2023-01-20

CA-6

Authorization

2023-07-20

CA-7

Continuous Monitoring

2023-07-20

CA-7(4)

Risk Monitoring

2023-07-20

CA-8

Penetration Testing

2023-07-20

CA-9

Internal System Connections

2023-07-20

Configuration Management

CM-1

Policy and Procedures

2023-07-20

CM-2

Baseline Configuration

2023-07-20

2022-08-01

CM-3

Configuration Change Control

2022-08-01

CM-3(2)

Testing, Validation, and Documentation of Changes

2022-08-01

CM-4

Impact Analyses

2023-07-20

CM-5

Access Restrictions for Change

2023-07-20

CM-6

Configuration Settings

2023-07-20

2022-08-01

CM-7

Least Functionality

2023-07-20

CM-8

System Component Inventory

2023-07-20

CM-10

Software Usage Restrictions

2023-01-20

2022-08-01

CM-11

User-installed Software

2023-01-20

Contingency Planning

CP-1

Policy and Procedures

2023-07-20

2022-08-01

CP-2

Contingency Plan

2023-07-20

CP-3

Contingency Training

2023-07-20

CP-4

Contingency Plan Testing

2023-01-20

2022-08-01

CP-6

Alternate Storage Site

2023-01-20

CP-9

System Backup

2023-07-20

CP-9(3)

Separate Storage for Critical Information

2022-08-01

CP-10

System Recovery and Reconstitution

2023-07-20

CP-11

Alternate Communications Protocols

2023-07-20

Identification and Authentication

IA-1

Policy and Procedures

2023-07-20

IA-2

Identification and Authentication (Organizational Users)

2023-01-20

IA-2(1)

Multi-factor Authentication to Privileged Accounts

2023-07-20

2021-09-13

IA-2(2)

Multi-factor Authentication to Non-privileged Accounts

2023-07-20

2021-09-13

IA-4

Identifier Management

2023-07-20

IA-5

Authenticator Management

2023-07-20

IA-6

Authentication Feedback

2023-01-20

IA-7

Cryptographic Module Authentication

2023-01-20

IA-8

Identification and Authentication (Non-organizational Users)

2023-01-20

IA-11

Re-authentication

2023-07-20

2022-08-01

IA-12

Identity Proofing

2022-08-01

Incident Response

IR-1

Policy and Procedures

2023-07-20

IR-2

Incident Response Training

2023-07-20

IR-3

Incident Response Testing

2023-07-20

IR-4

Incident Handling

2023-07-20

IR-5

Incident Monitoring

2023-07-20

IR-6

Incident Reporting

2023-07-20

2022-08-01

IR-7

Incident Response Assistance

2023-07-20

IR-8

Incident Response Plan

2023-07-20

IR-9

Information Spillage Response

2023-07-20

Maintenance

MA-1

Policy and Procedures

2023-07-20

MA-2

Controlled Maintenance

2023-07-20

MA-4

Nonlocal Maintenance

2023-01-20

MA-5

Maintenance Personnel

2023-01-20

Media Protection

MP-1

Policy and Procedures

2023-07-20

MP-2

Media Access

2023-01-20

MP-3

Media Marking

2022-08-01

MP-6

Media Sanitization

2023-07-20

MP-7

Media Use

2023-07-20

Physical and Environmental Protection

PE-1

Policy and Procedures

2023-07-20

PE-2

Physical Access Authorizations

2023-01-20

PE-3

Physical Access Control

2023-07-20

PE-6

Monitoring Physical Access

2023-01-20

2022-08-01

PE-8

Visitor Access Records

2023-07-20

PE-12

Emergency Lighting

2023-01-20

PE-13

Fire Protection

2023-01-20

PE-14

Environmental Controls

2023-07-20

PE-15

Water Damage Protection

2023-01-20

PE-16

Delivery and Removal

2023-07-20

PE-17

Alternate Work Site

2023-07-20

PE-18

Location of System Components

2021-09-13

Planning

PL-1

Policy and Procedures

2023-07-20

PL-2

System Security and Privacy Plans

2023-07-20

PL-4

Rules of Behavior

2023-07-20

2022-08-01

Program Management

PM-1

Information Security Program Plan

2023-07-20

PM-2

Information Security Program Leadership Role

2023-01-20

PM-3

Information Security and Privacy Resources

2023-07-20

PM-4

Plan of Action and Milestones Process

2023-07-20

PM-5

System Inventory

2023-07-20

2022-08-01

PM-6

Measures of Performance

2023-07-20

PM-7

Enterprise Architecture

2023-07-20

PM-9

Risk Management Strategy

2023-07-20

PM-10

Authorization Process

2023-07-20

PM-14

Testing, Training, and Monitoring

2023-07-20

2022-08-01

PM-15

Security and Privacy Groups and Associations

2023-07-20

PM-16

Threat Awareness Program

2023-01-20

Personnel Security

PS-1

Policy and Procedures

2023-07-20

PS-2

Position Risk Designation

2023-01-20

PS-3

Personnel Screening

2023-01-20

PS-4

Personnel Termination

2023-07-20

PS-5

Personnel Transfer

2023-01-20

PS-6

Access Agreements

2023-01-20

PS-7

External Personnel Security

2023-01-20

PS-8

Personnel Sanctions

2023-01-20

Personally Identifiable Information Processing and Transparency

PT-3

Personally Identifiable Information Processing Purposes

2022-08-01

Risk Assessment

RA-1

Policy and Procedures

2023-07-20

RA-2

Security Categorization

2023-07-20

2022-08-01

RA-3

Risk Assessment

2023-07-20

RA-3(1)

Supply Chain Risk Assessment

2023-07-20

RA-5

Vulnerability Monitoring and Scanning

2023-07-20

RA-7

Risk Response

2023-07-20

System and Services Acquisition

SA-1

Policy and Procedures

2023-07-20

SA-2

Allocation of Resources

2023-07-20

SA-3

System Development Life Cycle

2023-07-20

2022-08-01

SA-4

Acquisition Process

2023-07-20

2022-08-01

SA-5

System Documentation

2023-07-20

SA-8

Security and Privacy Engineering Principles

2023-07-20

SA-9

External System Services

2023-07-20

SA-10

Developer Configuration Management

2023-07-20

SA-11

Developer Testing and Evaluation

2023-07-20

SA-22

Unsupported System Components

2023-07-20

System and Communications Protection

SC-1

Policy and Procedures

2023-07-20

SC-5

Denial-of-service Protection

2023-07-20

SC-7

Boundary Protection

2023-07-20

SC-8

Transmission Confidentiality and Integrity

2023-01-20

SC-12

Cryptographic Key Establishment and Management

2023-01-20

SC-13

Cryptographic Protection

2023-07-20

2022-08-01

SC-15

Collaborative Computing Devices and Applications

2023-07-20

SC-20

Secure Name/Address Resolution Service (Authoritative Source)

2023-01-20

SC-21

Secure Name/Address Resolution Service (Recursive or Caching Resolver)

2023-01-20

SC-22

Architecture and Provisioning for Name/Address Resolution Service

2023-01-20

SC-39

Process Isolation

2023-01-20

System and Information Integrity

SI-1

Policy and Procedures

2023-07-20

SI-2

Flaw Remediation

2023-01-20

SI-3

Malicious Code Protection

2023-07-20

2022-08-01

SI-4

System Monitoring

2023-07-20

SI-5

Security Alerts, Advisories, and Directives

2023-01-20

SI-10

Information Input Validation

2023-07-20

SI-12

Information Management and Retention

2023-07-20

Supply Chain Risk Management

SR-1

Policy and Procedures

2023-07-20

SR-2

Supply Chain Risk Management Plan

2023-07-20

SR-3

Supply Chain Controls and Processes

2023-07-20

SR-5

Acquisition Strategies, Tools, and Methods

2023-07-20

SR-8

Notification Agreements

2023-07-20

SR-12

Component Disposal

2023-07-20

results matching ""

    No results matching ""