Templates, Guides and Resources
|Acceptable Use of the Internet Policy (PDF 765 KB)
|The Acceptable Use of the Internet Guidelines are intended to assist state agencies and institutions of higher education compliance with the provisions of the Texas Administrative Code (TAC), Chapter 202 Information Security Standards and Executive Order (RP58) Relating to peer-to-peer file-sharing software.
|Control Standards Catalog (PDF 1.78 MB)
|The Control Standards Catalog was initiated by DIR to help state agencies and higher education institutions implement security controls. It specifies the minimum information security requirements that state organizations must employ to provide the appropriate level of security relevant to level of risk.
|Control Crosswalk (XLSX 1 MB)
|The Control Crosswalk maps TAC §202 to industry standards, regulatory requirements, and compliance mandates. It is meant to relate the controls specified in Revised TAC §202 to other requirements that agencies and higher education institutions may have for protecting information and information systems.
|Cloud Services Guide (PDF 631 PDF)
|Resources and information when considering cloud services.
|Cybersecurity Terms & Definitions (DOCX 35KB)
|Common cybersecurity terms and definitions.
|Cybersecurity Tip Sheet (PDF 140 KB)
|General tips for online cybersecurity.
Data Classification Guide (DOCX 67KB)
Data Classification Template (XLSX 77 KB)
|Data classification is the basis for identifying an initial baseline set of security controls for information and information systems, which provides numerous benefits. First and foremost, data classification makes making security decisions more efficient for employees, data owners, and IT staff, because it instantly identifies and communicates the level of protection required for any piece of data as well as the audience that may view it.
Data Use Agreement Policy (DOCX 30 KB)
Data Use Agreement FAQ (PDF 104 KB)
|The 84th Legislative Session passed Senate Bill 1877 which requires "Each state agency [to] develop a data use agreement for use by the agency that meets the particular needs of the agency and is consistent with rules adopted by the department [of information resources] that relate to information security standards for state agencies."
|DoD Identity Awareness, Protection, and Management Guide (PDF 4.91 MB)
|US Department of Defense guidance for managing online identity and responding to identity theft.
|Domain Name Management Policy (PDF 673)
|Guidance Regarding Internet Domain Management.
|Doxxing & SWAT-ing Guide (PDF 151 KB)
|Guidance and suggestions for handling doxxing and SWAT-ing events.
|How to Set Up a Successful Cybersecurity Program (PDF 378 KB)
DIR's recommendations for initial steps when developing a successful cybersecurity program. Additional details are in the DIR Redbook.
|Incident Response Guide & Templates (PDF 800 KB)
|The Incident Response is intended to be a framework for organizations in creating their own incident response plans and procedures and should be completed and modified to meet the business needs of the organization.
|Information Resources Employees Continuing Education Guidelines for Cybersecurity (PDF 385 KB)
|HB 8, 85(R) required DIR to develop continuing education guidelines for information resources employees regarding cybersecurity. The following guidelines were developed to assist agencies and institutions of higher education with ensuring their IR staff have the education and awareness to help protect their organizations.
|Mutual Aid Agreement Framework (PDF 262 KB)
|SB 475, 87(R) required DIR to establish a framework for regional cybersecurity working groups to execute mutual aid agreements that allow state and local entities, the private sector, and the incident response team to assist with responding to a cybersecurity event in Texas. The Texas Framework for Mutual Aid Agreements for Security Incidents includes the elements of a mutual aid agreement, a template mutual aid agreement, and a template non-disclosure agreement.
|PC Life Cycle Guidelines (DOCX 121 KB)
|Guidelines for establishing PC Life Cycles.
|Sale or Transfer of Computers & Software Guide (PDF 127 KB)
|This guideline is intended to supplement existing policies and procedures on the sale and transfer of surplus and salvaged equipment.
|Software Currency Policy Template (DOCX 41 KB)
|Policy template to reduce the use of unsupported software and reduce vulnerabilities in state systems.
|Provisions for linking to state websites and privacy policies.
|Teleworking Tips (PDF 138 KB)
|Information and guidance for secure teleworking.
|Vendor Alignment Template (XLSX 102 KB)
|Tool that enables vendors of security products and services to align their offerings to the Texas Cybersecurity Framework.
|Videoconferencing Guidelines (PDF 317 KB)
|Technical and operational standards for hosting video conference meetings.
|Virtual Collaboration Tools Security Tips (PDF 216 KB)
|DIR's recommendations for cybersecurity when using virtual collaboration tools.
|Zoom Security Guidelines (PDF 174 KB)
|Guidance and suggestions on the use of Zoom and other virtual collaboration tools.