Everything you Need to Know about MSS Webinar
Whether you are an established customer, or new to DIR shared services, this Managed Security Services overview webinar will provide you with the information you need to successfully navigate the offerings and understand the processes involved with obtaining services. Use the following link to view the recorded webinar that covers topics such as:
- What is MSS?
- What services are included through the MSS program?
- Does DIR pay for any services? What are the criteria involved?
- How do I get started?
Register here to view the recorded MSS webinar (GoToWebinar Recording)
Download a copy of the MSS webinar slides (.pdf)
Visit the Shared Technology Services Public Portal for further information about ordering Managed Security Services and more.
Elected Security Services
DIR will cover the costs of blackbox network penetration tests, web and mobile application penetration tests, and security assessments against the Texas Cybersecurity Framework for state agencies and public institutions of higher education through the Managed Security Services (MSS) Program. Other eligible customers including local governments and public school districts may also use the MSS Program.
Network Penetration Testing. A pen test evaluates network and system vulnerabilities that are susceptible to attack from possibly malicious sources and analyzes system configurations, web applications, and technical weaknesses. A pen test:
- Evaluates network security from attacker's perspective
- Identifies at-risk confidential or sensitive data
- Verifies and attempts to exploit actual security vulnerabilities
- Determines network's vulnerability to attack
- Provides suggested countermeasures to prevent intrusion or data loss
- Assists business impact analysis
- Documents findings and delivers a custom report identifying vulnerabilities and describing successful exploits
DIR covers the costs for blackbox remote external pen tests for state agencies and public institutions of higher education.
Web and Mobile Application Penetration Testing. H.B. 8, 85(R) requires agencies and public institutions of higher education to obtain a penetration test and remediate any discovered vulnerabilities prior to launching a web or mobile application that processes sensitive personal information. DIR has dedicated funds to cover approximately 17 of these penetration tests for eligible customers. These tests use a defined methodology that includes both automated and manual processes to identify application vulnerabilities such as SQL injection susceptibility, buffer overflow, session hijacking, information leakage, and more.
Texas Cybersecurity Framework Security Assessments. Sec. 2054.515, Government Code requires each state agency to conduct and information security assessment at least once every two years and report the results to DIR and state leadership.DIR offers security assessments to state agencies and public institutions of higher education via the MSS program at no cost to the customer. Security Assessments are also available to other eligible customers including local governments and public school districts. The Texas Cybersecurity Framework consists of 40 security objectives within 5 functional areas (Identify, Detect, Protect, Respond, Recover). These assessments evaluate the maturity level of each security objective and provide recommendations for improving the security maturity and posture of the organization.
These services and more are available to state agencies, public institutions of higher education, local governments, and public school districts through the DIR Managed Security Services (MSS) program, although DIR-funded eligibility is limited to state agencies and state public institutions of higher education. If you are unsure whether your organization is eligible, please contact
How to Order
Customers who are already onboarded with the Shared Services Program can order these services through the shared services portal (previously DCS portal) service request catalog. From the service request catalog, navigate to the solution requests for MSS Risk and Compliance and complete the form to request the services.
If your organization is not a current customer or you are interested in obtaining more information, please contact email@example.com or firstname.lastname@example.org.
Managed Security Services Program
Managed Security Services (MSS) is a new offering within DIR’s Shared Services program to provide uniform and consistent management of state data security. IT Security is an increasingly critical priority for state and local governments, requiring heightened awareness to malicious threats and an expanded focus on the technology protecting sensitive information. In addition to ensuring secure computing environments, government entities are under never-ending requirements to meet rising constituent needs, do more with less, and increase the value they deliver to the public.
Whether you’re a state agency, public institution of higher education, local government, municipal, higher education, or a public school district, MSS assists you in consolidating security services, meeting legislative security requirements, mitigating security risks, and filling gaps in skillsets to provide a secure computing environment for your business and to deliver more effective services for your constituents.
Note: Participants in the Data Center Services (DCS) program already receive enterprise security services within the Consolidated Data Centers (CDCs) and DCS Public Cloud environment. However, MSS offers additional security-related services to meet individual business needs. See the MSS FAQ and MSS Service Matrix for additional details and which MSS services are available for DCS customers.
For additional information on MSS, click here.
Texas Data Center Security Services
The Texas Data Center Services (DCS) program allows the state to employ an enterprise approach to improve management of major technology infrastructure projects and promote efficient and effective data center operations. As a cornerstone of this, the DCS Security Program was established to maintain a security posture in the consolidated data centers and all systems that fall into the scope of DCS. The Security Program integrates with the DCS Governance to ensure security is a part of the culture of DCS and is a fundamental element in all DCS initiatives.
DCS Security Program is mapped to a master system security plan. This policy defines the settings needed for compliance with various regulatory bodies of existing customers and is flexible enough to accommodate needs of potential customers and changing regulatory requirements. There are tools and processes in place to compare the environment to these settings so that risks can be addressed through a risk management process. This plan also utilizes and leverages NIST 800-53, CIS benchmarks, TAC §202, and other regulatory frameworks.
DCS Security is continually working to improve the maturity of the program as dictated by the Texas Cybersecurity Framework. Protecting the environments and customer resources is imperative to achieving DCS goals. The security program aims to be a valuable asset as well as a reason for current and future customers to choose Data Center Services.
Security Plan Model
The Security Program is comprised of security focal points from the Texas Department of Information Resources' Office of the Chief Information Security Office, a multi-sourcing integrator and each of the service component providers. The intent of the DCS model is to use centralized volume purchasing power to more efficiently provide compute, storage, and security to Texas governmental entities and state agencies.
Currently DCS Security Program maintains an antivirus protection, network intrusion prevention system, security incident and event monitor, host intrusion prevention system and performs vulnerability scans. There are numerous services, policies and processes that work in conjunction with the technologies in place to further increase the security posture that these technical safeguard checks can provide to the environment. Security incident management is also included.
Information Security Site Navigation
Information about file formats