Texas State’s  Cybersecurity Awareness Training

Texas State’s  Cybersecurity Awareness Training

House Bill 1118 (87R) amends some of the cybersecurity training requirements for state and local governments. Here is a link to the bill text.  Organizations are encouraged to confer with their legal counsel concerning specific requirements, or if there are additional questions. DIR has published a new certification form for the FY2022 training cycle for entities to verify compliance,.

What is a Certified Cybersecurity Training Program? 

Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires  requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees and officials to complete a certified training program. The statute also requires state government contractors to complete a certified training program.

 

Annual Timeline

DateEntityDescription
AnnuallyAll government entitiesTrain employees on certified training programs
March 15 – April 30DIRDIR with consultation of the Texas Cybersecurity Council reviews requirements of the certified training programs
May 15DIRUpdated list of certification requirements published
June 1Training providers and government entitiesSubmission of training programs begins
July 31Training providersSubmission of training program ends
August 31DIRNew list of certified training providers published
August 31All government entitiesReport completion of training submitted to DIR via the web form

Annual Training Requirements

State and local governments are required to train their employees annually on a certified training program.

Employees required to complete the training are outlined in the table below.

Entity TypeTraining Required ForTraining Due Date
State Agencies*
  • Employees who use a government computer at least 25% of the employee’s required duties
  • Elected or appointed officers of the agency
Annually
State Agency ContractorsContractors who have access to a state computer system or databaseDuring the term of the contract and during any renewal period
Local Governments
  • Employees, elected officials, and appointed officials who have access to a local government computer system or database and use a computer to perform at least 25 percent of their duties.
  • For school districts, only the district’s cybersecurity coordinator is required to complete annual cybersecurity training.  Any other school district employee required to complete the cybersecurity training shall complete the training as determined by the district, with the district’s cybersecurity coordinator. Elected officials are subject to the 25% usage threshold.
Annually

*State agency is defined in Chapter 2054 of Government Code, and includes a department, commission, board, office, council, authority, or other agency in the executive or judicial branch of state government that is created by the constitution or a statute of this state, including a university system or institution of higher education as defined by Section 61.003, Education Code. In addition, community colleges must comply with Texas Administrative Code Chapter 202 (TAC 202) and therefore must follow the training requirements for state agencies.

Exceptions to Training Requirements

The training requirements do not apply to employees and officials who have been:

  • Granted military leave;
  • Granted leave under the federal Family and Medical Leave Act of 1993 (29 U.S.C Section 2601 et seq.);
  • Granted leave related to a sickness or disability covered by workers’ compensation benefits, if that employee no longer has access to the state agency’s or local government’s database and systems;
  • Granted any other type of extended leave or authorization to work from an alternative work site if that employee no longer has access to the state agency’s or local government’s database and systems; or
  • Denied access to a local government’s computer system or database by the governing body of the local government or the governing body’s designee for noncompliance with the training requirements.

No exceptions exist for state agency contractors.

Reporting Training

Government entities must annually certify their compliance with the training requirements by August 31, using the Cybersecurity Training Certification for State and Local Governments. The certification form has been updated for FY 21-22.

Government entities can track their compliance in any method they choose, and do not submit training records or employee certificates of completion to DIR.

Training Programs

Certified Training Programs

The list of certified training programs for FY 21-22 is below, and valid until August 31, 2022. Please note that these programs are certified for content, not other regulatory or statutory obligations.

Download the Certified Training Programs (DOCX 78.36 KB) or View the Certified Training Programs

Last Updated 03/15/2022

DIR Training Programs

DIR has developed a certified training. This video is being offered free of charge, in English and Spanish, to anyone who needs to meet the training requirements of Texas Government Code 2054.5191 or 2054.5192, and based on each organization’s preference.  This training does not provide tracking or certificates for employees or employers; employers will need to track their employees’ completion in a method of their own choosing.

Cybersecurity Awareness Training FY 21-22 (English)

Cybersecurity Awareness Training FY 21-22 (Spanish)

DIR Training Tracker

DIR has an optional tool, Texas by Texas (TxT), for government entities to track their employees’ training compliance. For entities using TxT, employees will report their training completion, and DIR will send reporting from the TxT application to each government entity to verify training compliance.  Organizations that wish to use TxT should indicate their interested by submitting the Texas By Texas Self Reporting Form.  More details and information about TxT will be provided to the organizations that plan to use TxT.

Training Program Certification

Texas Government Code Section 2054.519(b) states that a cybersecurity training program must:

  1. Focus on forming information security habits and procedures that protect information resources; and
  2. Teach best practices for detecting, assessing, reporting, and addressing information security threats.

DIR, in consultation with the Texas Cybersecurity Council, publishes criteria for training programs to meet to be certified.

FY 21-22 Security Awareness Training Program Certification Standards (PDF 204KB)

There is no cost to have a training program reviewed for certification.  Certifications are valid until August 31 and need to be renewed annually.

Training Program Certification Request

Applications for training program certifications are accepted annually from June 1 until July 31.

Applications for FY 21-22 training program certifications are no longer being accepted. If you’d like to request an exception, contact TxTrainingCert@dir.texas.gov.

Application Guide for Training Program Certification

Prepare your training program submission in advance by reviewing the application guide.

FY 21-22 Application Guide (PDF 292.75KB)

Loading

Editor
Author: Editor

Visits: 6

HTML Snippets Powered By : XYZScripts.com
×