Statewide Portal for Enterprise Cybersecurity Threat, Risk, and Incident Management (SPECTRIM)

On this page:


Solutions Available in SPECTRIM

Incident Reporting 


To help tie together the overall state security program, DIR has implemented a governance, risk, and compliance software tool available to all state agencies and institutions of higher education. The SPECTRIM portal provides tools for managing and reporting security incidents, conducting risk assessments, storing and managing organizational policies, performing assessment and authorization (A&A) on information systems, templates for agency security planning activities, and more. 

Eligible Entities 

The SPECTRIM portal is free for all Texas state agencies, public institutions of higher education, and public community colleges. There is no limit to the number of users each organization can have.  


SPECTRIM integrates with the Digital Identity Solution (TDIS) to allow authorized Texas government employees to access SPECTRIM utilizing multi-factor authentication (MFA) and single sign-on (SSO).

About Digital Identity Solution (TDIS) 

TDIS Enrollment Quick Reference Guide 

TDIS MFA Registration Guide 

SPECTRIM Guide - Login with TDIS 

SPECTRIM Guide - TDIS Access Management 

To request an account, ask your agency’s Information Security Officer (ISO) to open a support request in the SPECTRIM portal or email [email protected]

Solutions Available in SPECTRIM 

IT Security Vulnerability Management

RiskRecon provides scanning of internet-facing assets to determine a vulnerability priority based on asset value and issue severity.  RiskRecon integrates with the SPECTRIM portal to allow you to manage scan results, create vulnerability tickets, and make risk decisions associated with identified vulnerabilities.  

RiskRecon & IT Security Vulnerability Management Webinar Slides  

Listen to the RiskRecon & IT Security Vulnerability Management Overview Webinar 

Incident Reporting 

State rule requires each state agency and institution of higher education to provide timely reporting of certain types of security incidents to DIR which, depending on the threat or level of risk to the State, could mean emergency reporting.  Timely reporting is required (preferably within 24 hours) for incidents that may: 

  • Propagate to other state systems (emergency reporting) OR 

  • Result in criminal violations that shall be reported to law enforcement OR 

  • Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information OR

  • Be an authorized incident that compromises, destroys, or alters information systems, applications, or access to such systems or applications in any way. 

NOTE: If you cannot log into your SPECTRIM account to log an URGENT security incident, you can contact DIR's Cybersecurity Incident Response and Assistance hotline at (877) DIR-CISO (877-347-2476). The phone is answered 24 hours a day, 7 days a week for URGENT incident reporting matters. For non-urgent SPECTRIM assistance, please email [email protected] or have someone open an Archer Support Request from within the portal.

State rule agencies and institutions of higher education are required to timely report certain types of incidents to DIR. These reports are submitted through the SPECTRIM Portal's Incident Reporting System.  Local governments are required to report security incidents to DIR within 48 hours of discovery. These can be reported via the Archer Engage secure webform.

SPECTRIM Guide - Monthly Incident Reporting

The policy management solution allows organizations to store, manage, and review their IT and security policies as well as link policy components to applicable security controls.  

SPECTRIM Policy and Security Plan Template Training Slides 

Agencies and institutions of higher education now have the option of participating in the Texas Policy Sharing Group within the portal.  This group allows users to elect to share their policies across organizations with other participating members.  

Texas Policy Sharing Group Overview 

State rule requires that a risk assessment of the organizations' information and information systems shall be performed and documented. To help facilitate this requirement, SPECTRIM offers a risk assessment tool with standard questionnaires for application, facilities, organizational, and network assessments.   

The SPECTRIM Risk Manual provides you with step by step instructions for using the Risk Assessment module. 

The portal additionally supports a top-down risk assessment approach through the risk register.  The risk register helps organizations track and manage critical risks and risk treatments over their lifecycle. 

The Security Plan template gives agencies: 

  • A method for reporting on the types of controls they have in place 

  • An evaluation of their ability to operate the control environment at their required level 

  • A standardized approach for preparing the agency’s ongoing security plan 

Visit the agency security plan web page for more information and resources to complete your plan. 

DIR has implemented a solution within the portal for performing information system assessments and authorization based on the NIST Risk Management Framework.  If your organization is interested in leveraging the A&T solution, contact [email protected] to schedule an overview and training session. 

In addition to the governance, risk, and compliance functionality of SPECTRIM, several IT-related reporting processes are supported. 

Please coordinate with your organization’s designated Information Resources Manager for obtaining SPECTRIM access to complete IT-related reporting requirements. 


Log into SPECTRIM here. If you believe your account is inactive or need your password reset, click the Reset Password button.  

Cybersecurity Incident Management and Reporting
Need Assistance?

If you need assistance with SPECTRIM (including password resets), contact us

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.