Managed Security Services

Managed Security Services Program

Managed Security Services (MSS) is an offering within DIR’s Shared Technology Services program to provide uniform and consistent management of state data security. IT Security is an increasingly critical priority for state and local governments, requiring heightened awareness to malicious threats and an expanded focus on the technology protecting sensitive information. In addition to ensuring secure computing environments, government entities are under never-ending requirements to meet rising constituent needs, do more with less, and increase the value they deliver to the public. 

Whether you’re a state agency, public institution of higher education, local government, municipal, higher education, or a public school district, MSS assists you in consolidating security services, meeting legislative security requirements, mitigating security risks, and filling gaps in skillsets to provide a secure computing environment for your business and to deliver more effective services for your constituents.

Note: Participants in the Data Center Services (DCS) program already receive enterprise security services within the Consolidated Data Centers (CDCs) and DCS Public Cloud environment. However, MSS offers additional security-related services to meet individual business needs. See the MSS FAQ and MSS Service Matrix for additional details and which MSS services are available for DCS customers. 

MSS Frequently Asked Questions (PDF | 664 KB)

MSS Service Matrix (PDF | 664 KB)

Additional information on MSS

Everything you Need to Know about MSS Webinar

Whether you are an established customer, or new to DIR shared services, this Managed Security Services overview webinar will provide you with the information you need to successfully navigate the offerings and understand the processes involved with obtaining services.  Use the following link to view the recorded webinar that covers topics such as:

  • What is MSS?
  • What services are included through the MSS program?
  • Does DIR pay for any services? What are the criteria involved? 
  • How do I get started? 

View the recorded MSS webinar

MSS Overview Webinar Slides (PDF | 1.5 MB)

Visit the Shared Technology Services Public Portal for further information about ordering Managed Security Services and more.

Eligibility

These services and more are available to state agencies, public institutions of higher education, local governments, and public school districts through the DIR Managed Security Services (MSS) program, although DIR-funded eligibility is limited to state agencies, state public institutions of higher education, and public community colleges. If you are unsure whether your organization is eligible, please contact dirsecurity@dir.texas.gov.

DIR-Funded Services for State Agencies, State Institutions of Higher Education, and Public Community Colleges

DIR will cover the costs of blackbox network penetration tests, web and mobile application penetration tests, and security assessments against the Texas Cybersecurity Framework for state agencies and public institutions of higher education through the Managed Security Services (MSS) Program. Other eligible customers including local governments and public school districts may also use the MSS Program.

Network Penetration Testing

A pen test evaluates network and system vulnerabilities that are susceptible to attack from possibly malicious sources and analyzes system configurations, web applications, and technical weaknesses. A pen test:

  • Evaluates network security from attacker's perspective

  • Identifies at-risk confidential or sensitive data

  • Verifies and attempts to exploit actual security vulnerabilities

  • Determines network's vulnerability to attack

  • Provides suggested countermeasures to prevent intrusion or data loss

  • Assists business impact analysis

  • Documents findings and delivers a custom report identifying vulnerabilities and describing successful exploits

DIR covers the costs for blackbox remote external pen tests for state agencies, public institutions of higher education, and community colleges.

Web and Mobile Application Penetration Testing

H.B. 8, 85(R) requires agencies and public institutions of higher education to obtain a penetration test and remediate any discovered vulnerabilities prior to launching a web or mobile application that processes sensitive personal information.  DIR has dedicated funds to cover approximately 17 of these penetration tests for eligible customers.  These tests use a defined methodology that includes both automated and manual processes to identify application vulnerabilities such as SQL injection susceptibility, buffer overflow, session hijacking, information leakage, and more. 

Texas Cybersecurity Framework Security Assessments

Sec. 2054.515, Government Code requires each state agency to conduct and information security assessment at least once every two years and report the results to DIR and state leadership.DIR offers security assessments to state agencies and public institutions of higher education via the MSS program at no cost to the customer. Security Assessments are also available to other eligible customers including local governments and public school districts. The Texas Cybersecurity Framework consists of 40 security objectives within 5 functional areas (Identify, Detect, Protect, Respond, Recover).  These assessments evaluate the maturity level of each security objective and provide recommendations for improving the security maturity and posture of the organization. 

How to Order

Customers who are already onboarded with the Shared Services Program can order these services through the shared services portal (previously DCS portal) service request catalog.  From the service request catalog, navigate to the solution requests for MSS Risk and Compliance and complete the form to request the services.

If your organization is not a current customer or you are interested in obtaining more information, please contact dirsecurity@dir.texas.gov or dirsharedservices@dir.texas.gov.