As a leader to Texas state government, education and local government entities, DIR provides technology and solutions to enable customers to meet their core missions. The DIR Information Security Office focuses on providing service that is quality, responsive, innovative and professional.

The elements that contribute to enabling customers are TAC §202, rules and legislation, agency security plans and templates.

Texas Administrative Code Chapter 202 (TAC §202)

TAC §202 establishes baseline security standards for Texas state agencies and institutions of higher education. TAC §202 is also closely aligned to Federal Information Security Management Act (FISMA) and National Institute of Standards of Technology (NIST).

To better understand and comply with industry standards and regulations the Control Crosswalk was developed. This tool maps Revised TAC §202 to industry standards, regulatory requirements and compliance mandates for protecting information giving agencies visibility to requirements overlap and allows them to consolidate steps.

DIR also initiated the Control Standards Catalog to help state agencies and higher education institutions implement security controls. The Catalog identifies minimum security requirements relevant to the level of risk.

See additional information on rules and legislation relating to information and network security

Agency Security Plan

The Agency Security Plan was created through collaboration between government and the private sector using common language to address and manage cybersecurity risk in without placing additional regulatory requirements on agencies.

The plan is divided into five functions, which are the same as the National Institute of Standards and Technology (NIST): identify, protect, detect, respond, and discover.


DIR provides an assortment of materials that can serve as a framework or baseline for agency reporting requirements. Some of these tools include the Data Classification Template, Data Use Agreement and the Control Standard Catalog.

New ISO Designation

Instructions for designating a new Information Security Officer (ISO) as well as helpful information, roles, and responsibilities.