Technical and Assessment Services
On this page:
What Services are Available to Me?
Network Pen Tests
Web or Mobile Application Pen Tests
Texas Cybersecurity Framework Assessments
What Services are Available to Me?
If you are a state agency, community college, or public institution of higher education, DIR Office of the Chief Information Security Officer (OCISO) will fund the following services, as long as funds are available.
-
External Black-box Network Penetration Testing
-
Web or Mobile Application Penetration Testing
-
Texas Cybersecurity Framework Assessments
These services are performed through our Managed Security Services (MSS) program. DIR Customers that don’t fit into the categories above can still request and purchase these services and more through MSS.
Network Pen Testing
A pen test evaluates network and system vulnerabilities that are susceptible to attack from possibly malicious sources and analyzes system configurations, web applications, and technical weaknesses. A pen test:
-
Evaluates network security from attacker's perspective
-
Identifies at-risk confidential or sensitive data
-
Verifies and attempts to exploit actual security vulnerabilities
-
Determines network's vulnerability to attack
-
Provides suggested countermeasures to prevent intrusion or data loss
-
Assists business impact analysis
-
Documents findings and delivers a custom report identifying vulnerabilities and describing successful exploits
Web and Mobile Application Pen Testing
Texas Government Code requires agencies and public institutions of higher education to obtain a penetration test and remediate any discovered vulnerabilities prior to launching a web or mobile application that processes sensitive personal information. DIR has limited dedicated funds to cover these pen tests for eligible customers – one per fiscal year, first-come, first-serve.
These tests use a defined methodology that includes both automated and manual processes to identify application vulnerabilities such as SQL injection susceptibility, buffer overflow, session hijacking, information leakage, and more.
Texas Cybersecurity Framework (TCF) Assessment
Texas Government Code requires each state agency to conduct an information security assessment at least once every two years and report the results to DIR and upon request, to state leadership. DIR offers security assessments to state agencies, community colleges, and public institutions of higher education through our MSS program at no cost to the customer. These assessments evaluate the maturity level of each security objective and provide recommendations for improving the security maturity and posture of the organization, along with a recommended roadmap.
Request Pen Testing or Assessment Services
If you are a state agency, public university, or junior college and would like to request a Texas Cybersecurity Framework assessment funded by DIR, click the button below.
If you are not an existing STS customer and do not have access to the STS Portal, please contact your agency IT department or send an email to [email protected].