With the passage of Senate Bill 820 districts are now required to implement several security measures.
-
Designate a security coordinator
-
Adopt a cybersecurity policy
-
Report any breach of student personally identifiable data to TEA
CyberSecurity Policy:
A district is required to have a cybersecurity policy in order to:
- secure district cyberinfrastructure against cyber attacks and other cybersecurity incidents.
- determine cybersecurity risk and implement mitigation planning.
The policy may not conflict with the information security standards for institutions of higher education adopted by the Department of Information Resources under Chapters 2054 and 2059, Government Code.
CyberSecurity Coordinator:
The superintendent of each school district must designate someone to be the cybersecurity coordinator for the district to serve as a liaison between the district and the agency in cybersecurity matters.
The cybersecurity coordinator is required to:
- report any breach of the district’s information systems to the agency.
- provide notice to a parent or guardian of a breach that involves a student’s PIA.
Statewide Cybersecurity Awareness Training
House Bill 1118 (87R) amends some of the cybersecurity training requirements for state and local governments. Here is a link to the bill text. Organizations are encouraged to confer with their legal counsel concerning specific requirements, or if there are additional questions. DIR has published a new certification form for the FY2022 training cycle for entities to verify compliance.
What is a Certified Cybersecurity Training Program?
Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees and officials to complete a certified training program. The statute also requires state government contractors to complete a certified training program.
CoSN Budgeting, TCO & VOI Tools
TASB Cybersecurity Resources
- School Cybersecurity: Getting Started (pdf)
- School Cybersecurity: Texas Requirements (pdf)
- School Cybersecurity: Security Breach Notification and Response (pdf)
These and other articles can be found on TASB's Technology page in the TASB Legal eSource Library, which is constantly updated and increased.
Links to Helpful Resources
- TEA CyberSecurity Tips and Tools (webinars)
- Texas CyberSecurity Framework Controls and Definitions
- Texas CyberSecurity Strategic Plan 2018
- NIST Standards for CyberSecurity
- NIST Framework for Improving Critical Infrastructure CyberSecurity V1.1
- Trusted Learning Environment Framework
- CyberSecurity CoSN Resources
- Top 5 Cybersecurity Threats
- District Security Checklist
- Cyber Insurance
- DIR Incident Response Team Redbook
Cybersecurity Annual Timeline
| Date | Entity | Description |
| Annually | All government entities | Train employees on certified training programs |
| March 15 - April 30 | DIR | DIR with consultation of the Texas Cybersecurity Council reviews requirements of the certified training programs |
| May 15 | DIR | Updated list of certification requirements published |
| June 1 | Training providers and government entities | Submission of training programs begins |
| July 31 | Training providers | Submission of training program ends |
| August 31 | DIR | New list of certified training providers published |
| August 31 | All government entities | Report completion of training submitted to DIR via the web form |