Texas Cybersecurity Framework

On this page:

What is the Texas Cybersecurity Framework?

How is the Framework structured?

How can my organization request an assessment?

What is the Texas Cybersecurity Framework? 

DIR developed the Texas Cybersecurity Framework (TCF) in collaboration with other government entities and the private sector. It uses a common language to address and manage cybersecurity risk in a cost-effective way, based on business needs, without placing additional regulatory requirements on agencies. 

How the Texas Cybersecurity Framework is Structured 

Texas Cybersecurity Framework structure

The framework, which is aligned with the National Institute of Standards and Technology (NIST) framework, is divided into five concurrent and continuous functions: Identify, Protect, Detect, Respond, and Recover. Each functional area contains specific security control objectives to help organizations identify, assess, and manage cybersecurity risks in their environment. The TCF currently consists of 42 total security control objectives. 

Maturity Model 

Texas Cybersecurity Framework maturity levels

The TCF is intended to help an organization to better understand, manage, and reduce its cybersecurity risks. Part of the TCF structure is determining the maturity of each security control objective.  The term "maturity" relates to the degree of implementation and optimization of processes, from ad hoc practices all the way up to active optimization of the processes.

Request a TCF Assessment

If you are a state agency, public university, or junior college and would like to request a Texas Cybersecurity Framework assessment funded by DIR, click the button below. 

If you are not an existing STS customer and do not have access to the STS Portal, please contact your agency IT department or send an email to [email protected].

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.