Technical and Assessment Services

On this page:

What Services are Available to Me?

Network Pen Tests

Web or Mobile Application Pen Tests

Texas Cybersecurity Framework Assessments

What Services are Available to Me? 

If you are a state agency, community college, or public institution of higher education, DIR Office of the Chief Information Security Officer (OCISO) will fund the following services, as long as funds are available. 

  • External Black-box Network Penetration Testing 

  • Web or Mobile Application Penetration Testing 

  • Texas Cybersecurity Framework Assessments 

These services are performed through our Managed Security Services (MSS) program. DIR Customers that don’t fit into the categories above can still request and purchase these services and more through MSS.  

Network Pen Testing 

A pen test evaluates network and system vulnerabilities that are susceptible to attack from possibly malicious sources and analyzes system configurations, web applications, and technical weaknesses. A pen test: 

  • Evaluates network security from attacker's perspective 

  • Identifies at-risk confidential or sensitive data 

  • Verifies and attempts to exploit actual security vulnerabilities 

  • Determines network's vulnerability to attack 

  • Provides suggested countermeasures to prevent intrusion or data loss 

  • Assists business impact analysis 

  • Documents findings and delivers a custom report identifying vulnerabilities and describing successful exploits 

Web and Mobile Application Pen Testing 

Texas Government Code requires agencies and public institutions of higher education to obtain a penetration test and remediate any discovered vulnerabilities prior to launching a web or mobile application that processes sensitive personal information.  DIR has limited dedicated funds to cover these pen tests for eligible customers – one per fiscal year, first-come, first-serve.   

These tests use a defined methodology that includes both automated and manual processes to identify application vulnerabilities such as SQL injection susceptibility, buffer overflow, session hijacking, information leakage, and more. 

Texas Cybersecurity Framework (TCF) Assessment 

Texas Government Code requires each state agency to conduct an information security assessment at least once every two years and report the results to DIR and upon request, to state leadership. DIR offers security assessments to state agencies, community colleges, and public institutions of higher education through our MSS program at no cost to the customer. These assessments evaluate the maturity level of each security objective and provide recommendations for improving the security maturity and posture of the organization, along with a recommended roadmap.   

Request Pen Testing or Assessment Services

If you are a state agency, public university, or junior college and would like to request a Texas Cybersecurity Framework assessment funded by DIR, click the button below. 

If you are not an existing STS customer and do not have access to the STS Portal, please contact your agency IT department or send an email to [email protected].

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.