Statewide Cybersecurity Awareness Training

House Bill 1118 (87R) amends some of the cybersecurity training requirements for state and local governments. Here is a link to the bill text. Organizations are encouraged to confer with their legal counsel about specific requirements or any additional questions. DIR will have the new certification form in place for the next training cycle for entities to verify compliance.

What is a Certified Cybersecurity Training Program? 

Texas Government Code Section 2054.519, State Certified Cybersecurity Training Programs, requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees, and Section 2054.5191 requires state and local government employees to complete a certified training program. The sections that follow explain the annual timeline for certification of trainings; the training and reporting requirements for state agencies, local governments, and contractors; the certification requirements for cybersecurity training programs; and a listing of certified programs.

Annual Timeline

| Date | Entity | Description |
|---|---|---|
| Annually | All government entities | Train employees on certified training programs |
| March 15 - April 30 | DIR | DIR, in consultation with the Texas Cybersecurity Council, reviews requirements of the certified training programs |
| May 15 | DIR | Updated list of certification requirements published |
| June 1 | Training providers and government entities | Submission of training programs begins |
| July 31 | Training providers | Submission of training programs ends |
| August 31 | DIR | New list of certified training providers published |
| August 31 | All government entities | Report completion of training submitted to DIR via the web form |

Annual Training Requirements 

State and local governments are required to train their employees annually on a certified training program.

Employees required to complete the training are outlined in the table below.

| Entity Type | Training Required For | Training Due Date |
|---|---|---|
| State Agencies* | • Employees who use a government computer for at least 25% of the employee's required duties • Elected or appointed officers of the agency | Annually |
| State Agency Contractors | Contractors who have access to a state computer system or database | During the term of the contract and during any renewal period |
| Local Governments | • Employees, elected officials, and appointed officials who have access to a local government computer system or database and use a computer to perform at least 25 percent of their duties. • For school districts, only the district's cybersecurity coordinator is required to complete annual cybersecurity training. Any other school district employee required to complete the cybersecurity training shall complete the training as determined by the district, with the district's cybersecurity coordinator. Elected officials are subject to the 25% usage threshold. | Annually |

*State agency is defined in Chapter 2054 of Government Code, and includes a department, commission, board, office, council, authority, or other agency in the executive or judicial branch of state government that is created by the constitution or a statute of this state, including a university system or institution of higher education as defined by Section 61.003, Education Code. In addition, community colleges must comply with Texas Administrative Code Chapter 202 (TAC 202) and therefore must follow the training requirements for state agencies.

Exceptions to Training Requirements

The training requirements do not apply to employees and officials who have been:

  • Granted military leave;
  • Granted leave under the federal Family and Medical Leave Act of 1993 (29 U.S.C. Section 2601 et seq.);
  • Granted leave related to a sickness or disability covered by workers' compensation benefits, if that employee no longer has access to the state agency's or local government's database and systems;
  • Granted any other type of extended leave or authorization to work from an alternative work site if that employee no longer has access to the state agency's or local government's database and systems; or
  • Denied access to a local government's computer system or database by the governing body of the local government or the governing body's designee for noncompliance with the training requirements. 

No exceptions exist for state agency contractors.

Reporting Training

Government entities must annually certify their compliance with the training requirements by August 31, using the Cybersecurity Training Certification for State and Local Governments. Note: The certification form will be updated for FY 21-22.

Government entities can track their compliance by any method they choose and do not submit training records or employee certificates of completion to DIR.

Training Programs 

Certified Training Programs

The list of certified training programs for FY 21-22 is below and is valid until August 31, 2022. Please note that these programs are certified for content, not for other regulatory or statutory obligations.

Download the Certified Training Programs (DOCX 74 KB) or View the Certified Training Programs

Last Updated 10/15/2021

DIR Training Programs

DIR has developed a certified training program. This video is offered free of charge, in English and Spanish, to anyone who needs to meet the training requirements of Texas Government Code 2054.5191 or 2054.5192, based on each organization's preference. This training does not provide tracking or certificates for employees or employers; employers will need to track their employees' completion by a method of their own choosing.

Cybersecurity Awareness Training FY 21-22 (English)

Cybersecurity Awareness Training FY 21-22 (Spanish)

DIR Training Tracker

DIR has an optional tool, Texas by Texas (TxT), for government entities to track their employees' training compliance. For entities using TxT, employees will report their training completion, and DIR will send reporting from the TxT application to each government entity to verify training compliance. Organizations that wish to use TxT should indicate their interest by submitting the Texas By Texas Self Reporting Form. More details and information about TxT will be provided to the organizations that plan to use TxT.

Training Program Certification

Texas Government Code Section 2054.519(b) states that a cybersecurity training program must:

  1. Focus on forming information security habits and procedures that protect information resources; and
  2. Teach best practices for detecting, assessing, reporting, and addressing information security threats.

DIR, in consultation with the Texas Cybersecurity Council, publishes the criteria that training programs must meet to be certified.

FY 21-22 Security Awareness Training Program Certification Standards (PDF 204KB)

There is no cost to have a training program reviewed for certification.  Certifications are valid until August 31 and need to be renewed annually.

Training Program Certification Request

Applications for training program certifications are accepted annually from June 1 until July 31. 

Applications for FY 21-22 training program certifications are no longer being accepted. If you'd like to request an exception, contact TxTrainingCert@dir.texas.gov.

Application Guide for Training Program Certification

Prepare your training program submission in advance by reviewing the application guide.

FY 21-22 Application Guide (PDF 292.75KB)

Agencies must annually certify their employee and contractor training compliance by August 31, using the Cybersecurity Training Certification for State and Local Governments.

Local governments must annually certify their training compliance by August 31, using the Cybersecurity Training Certification for State and Local Governments.

Local governments can track their compliance by any method they choose, and will not submit training records or employee certificates of completion to DIR. Local governments also do not have to report their audits to DIR. Local governments should retain documentation with their training and auditing records.

DIR has an optional tool, Texas by Texas (TxT), for state and local governments to track their employees' training compliance. For governments using TxT, employees will report their training completion, and DIR will send reporting from the TxT application to each government entity to verify training compliance. Organizations that wish to use TxT should indicate their interest by submitting the House Bill 3834 Texas By Texas Self Reporting Form. More details and information about TxT will be provided to the organizations that plan to use TxT.
