Tex. Gov't Code Section 2054.515
Agency Information Security Assessment and Report

(a)

At least once every two years, each state agency shall conduct an information security assessment of the agency’s:

(1)

information resources systems, network systems, digital data storage systems, digital data security measures, and information resources vulnerabilities; and

(2)

data governance program with participation from the agency’s data management officer, if applicable, and in accordance with requirements established by department rule.

(b)

Not later than November 15 of each even-numbered year, the agency shall report the results of the assessment to:

(1)

the department; and

(2)

on request, the governor, the lieutenant governor, and the speaker of the house of representatives.

(b)

Not later than December 1 of the year in which a state agency conducts the assessment under Subsection (a) or the 60th day after the date the agency completes the assessment, whichever occurs first, the agency shall report the results of the assessment to:

(1)

the department; and

(2)

on request, the governor, the lieutenant governor, and the speaker of the house of representatives.

(c)

The department by rule shall establish the requirements for the information security assessment and report required by this section.

(d)

The report and all documentation related to the information security assessment and report are confidential and not subject to disclosure under Chapter 552 (Public Information). The state agency or department may redact or withhold the information as confidential under Chapter 552 (Public Information) without requesting a decision from the attorney general under Subchapter G (Request for Attorney General Decision), Chapter 552 (Public Information).

Added by Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 11, eff. September 1, 2017.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.16, eff. September 1, 2019.

Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 7, eff. June 14, 2021.

Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 10, eff. September 1, 2021.

Source: Section 2054.515 — Agency Information Security Assessment and Report, https://statutes.capitol.texas.gov/Docs/GV/htm/GV.2054.htm#2054.515 (accessed Jun. 5, 2024).

2054.001
Legislative Findings and Policy 2054.002
Short Title 2054.003
Definitions 2054.004
Department 2054.005
Sunset Provision 2054.006
Laws Not Affected 2054.007
Exception: State Lottery Operations 2054.008
Contract Notification 2054.010
References to Preceding Agency 2054.011
Statewide Network Applications Account 2054.021
Composition of Board 2054.022
Conflict of Interest 2054.023
Compensation 2054.024
Vacancy 2054.025
Removal of Board Member 2054.026
Limitation on Liability 2054.027
Meetings 2054.028
Presiding Officer 2054.029
Staff 2054.030
Merit Pay 2054.031
Career Ladder 2054.032
Equal Employment Opportunity 2054.033
Advisory Committees 2054.034
Department Finances 2054.035
Participation and Accessibility 2054.036
Complaints 2054.037
Negotiated Rulemaking 2054.038
Internal Auditor 2054.039
Open Meetings Exception for Internal Auditor 2054.040
Audit Subcommittee 2054.041
Additional Board Oversight 2054.051
General Duties of Department 2054.052
General Powers of Department 2054.053
Legislative Budget Instructions 2054.054
Client Omnibus Registry and Exchange Data Bases 2054.055
Performance Report 2054.056
Computer Services 2054.058
Consideration of Vendor Incentives 2054.059
Cybersecurity 2054.060
Digital Signature 2054.061
Use of Consultants and Outside Staff 2054.062
Information Resources Technologies Consolidation 2054.063
Electronic Reporting to State Agencies 2054.064
Board Approval of Contracts 2054.065
Review of Certain Contract Solicitations 2054.066
Department Review 2054.067
Posting of Certain Documents Relating to Contract Solicitations 2054.068
Information Technology Infrastructure Report 2054.069
Prioritized Cybersecurity and Legacy System Projects Report 2054.070
Central Repository for Publicly Accessible Electronic Data 2054.071
Identity of Manager 2054.074
Responsibility to Prepare Operating Plans 2054.0075
Exception: Public Junior College 2054.075
Cooperation with Information Resources Manager 2054.076
Training and Continuing Education 2054.077
Vulnerability Reports 2054.091
Preparation of State Strategic Plan 2054.092
Content of State Strategic Plan 2054.093
Amendment of State Strategic Plan 2054.094
Submission of State Strategic Plan 2054.095
Agency Information Resources Strategic Planning Instructions 2054.097
Analysis of Information Resources Deployment Review 2054.100
Biennial Operating Plan of State Agency 2054.101
Instructions for Preparing Operating Plans 2054.102
Evaluation and Approval of Operating Plans 2054.103
Submission of Operating Plans 2054.104
Denial of Access to Appropriations on Failure to Submit Operating Plan 2054.111
Use of State Electronic Internet Portal Project 2054.112
Security Review for New Internet Sites 2054.113
Duplication with State Electronic Internet Portal 2054.115
Sale or Lease of Software 2054.116
Spanish Language Content on Agency Websites 2054.117
Electronic Data Processing Center 2054.118
Major Information Resources Project 2054.120
Electronic Mail Address 2054.121
Coordination with Institutions of Higher Education 2054.122
Coordinated Technology Training 2054.124
Power Management Software 2054.125
Linking and Indexing Internet Sites 2054.126
Posting of Information on Internet 2054.127
Internet Website Development: Grants and Assistance 2054.128
Environmental and Natural Resources Agencies Internet Portal 2054.129
Advertising Online Options 2054.130
Removal of Data from Data Processing Equipment 2054.131
Electronic Benefits Enrollment and Administration System 2054.132
Posting of Forms Required 2054.133
Information Security Plan 2054.134
Device and Internet Browser Compatibility 2054.135
Data Use Agreement 2054.136
Designated Information Security Officer 2054.137
Designated Data Management Officer 2054.138
Security Controls for State Agency Data 2054.151
Purpose and Findings 2054.152
Definition 2054.153
Department Guidelines 2054.154
Department Assistance 2054.156
State Agency Duties 2054.157
Oversight by Department 2054.158
Quality Assurance Team 2054.159
Major Information Resources Project Monitoring 2054.160
Review of Contract for Major Information Resources Project 2054.161
Data Classification, Security, and Retention Requirements 2054.203
Telecommunications Planning and Policy 2054.205
Development of System 2054.251
Definitions 2054.252
State Electronic Internet Portal Project 2054.259
General Powers and Duties of Department 2054.260
Reporting Requirements 2054.261
Assistance and Coordination with Other Governmental Entities 2054.262
Rules 2054.263
Seal 2054.266
Donations and Grants 2054.268
Contracts 2054.269
Intellectual Property Rights 2054.271
Authentication of Individual Identities and Signatures 2054.272
Business Permits and Licenses Internet Portal 2054.273
Collection and Forwarding of Fees 2054.274
Recovery of Fees 2054.0285
Executive Director: Chief Information Officer 2054.0286
Chief Data Officer 2054.301
Applicability 2054.302
Guidelines 2054.303
Business Case and Statewide Impact Analysis 2054.304
Project Plans 2054.305
Procurement Plan and Method for Monitoring Contracts 2054.306
Post-implementation Review 2054.307
Approval of Documents and Contract Changes 2054.0331
Customer Advisory Committee 2054.0332
Data Management Advisory Committee 2054.0345
Determination of Administrative Fees 2054.0346
Reporting of Administrative Fees 2054.351
Definitions 2054.352
Applicability 2054.353
Electronic System for Occupational Licensing Transactions 2054.354
Steering Committee 2054.355
Change of Address and Other Information 2054.356
Sharing of Information 2054.375
Definitions 2054.376
Applicability 2054.377
Institutions of Higher Education 2054.378
Scope of Operation of Centers 2054.379
Rules 2054.380
Fees 2054.381
Contracting 2054.382
Statewide Technology Centers for Data or Disaster Recovery Services 2054.383
Establishment of Additional Statewide Technology Centers 2054.384
Cost and Requirements Analysis 2054.385
Notice of Selection 2054.386
Interagency Contract 2054.387
Interagency Contract 2054.388
Transfer of Ownership 2054.389
Transition Schedules 2054.390
Migration of Services 2054.391
Use of Statewide Technology Centers Required 2054.392
Statewide Technology Account 2054.451
Definitions 2054.452
Training and Technical Assistance 2054.453
Rules 2054.454
State Agency Compliance 2054.455
Public Information 2054.456
Access to Electronic and Information Resources by State Employees with Disabilities 2054.457
Access to Electronic and Information Resources by Other Individuals with Disabilities 2054.458
Internet Websites 2054.459
Emerging Technologies 2054.460
Exception for Significant Difficulty or Expense 2054.461
Exemptions 2054.462
Exception for Embedded Information Resources 2054.463
Exception for Medical Equipment 2054.464
Survey 2054.465
No Cause of Action Created 2054.510
Chief Information Security Officer 2054.511
Cybersecurity Coordinator 2054.512
Cybersecurity Council 2054.514
Recommendations 2054.515
Agency Information Security Assessment and Report 2054.516
Data Security Plan for Online and Mobile Applications 2054.518
Cybersecurity Risks and Incidents 2054.519
State Certified Cybersecurity Training Programs 2054.521
Major Outsourced Contract Defined 2054.522
Board Approval and Oversight of Major Outsourced Contracts 2054.523
Management Plans for Major Outsourced Contracts 2054.524
Customer Involvement in Major Outsourced Contracts 2054.0525
Customers Eligible for Department Services 2054.0541
Statewide Health Care Data Collection System 2054.551
Definition 2054.552
Conflict of Interest in Contracting 2054.553
Contract Management Training Policy 2054.554
Contract Management Guide 2054.0565
Use of Contracts by Other Entities 2054.571
Definition 2054.572
Legacy System Modernization Strategy 2054.573
Reporting Service 2054.574
Application Portfolio Management Program 2054.575
Security Issues Related to Legacy Systems 2054.576
Shared Solutions 2054.577
Technology Improvement and Modernization Fund 2054.578
Joint Oversight Committee on Investment in Information Technology Improvement and Modernization Projects 2054.0591
Cybersecurity Report 2054.0592
Cybersecurity Emergency Funding 2054.0593
Cloud Computing State Risk and Authorization Management Program 2054.0594
Information Sharing and Analysis Organization 2054.601
Use of Next Generation Technology 2054.602
Liability Exemption 2054.603
Security Incident Notification by State Agency or Local Government 2054.621
Definitions 2054.622
Artificial Intelligence Advisory Council 2054.623
Automated Decision Systems Inventory Report 2054.624
Council Abolished 2054.0691
Digital Transformation Guide 2054.0701
State Information Technology Credential 2054.0925
Telecommunications in State Strategic Plan 2054.0965
Information Resources Deployment Review 2054.1015
Planned Procurement Schedules for Commodity Items 2054.1115
Electronic Payments on State Electronic Internet Portal 2054.1181
Oversight of Major Information Resources Projects 2054.1182
Evaluation of Completed Major Information Resources Projects 2054.1183
Annual Report on Major Information Resources Projects 2054.1211
Reporting Requirements of Institutions of Higher Education 2054.1264
Posting of Cost-efficiency Suggestions and Ideas on State Agency Website 2054.1265
Posting High-value Data Sets on Internet 2054.2011
Definitions 2054.2051
Oversight of Systems 2054.2591
Fees 2054.2592
Fee Exemption 2054.2605
Reporting Requirements: Licensing Entities 2054.2606
Reporting Profile Information 2054.2721
Independent Annual Audit 2054.3771
Eligible Entities 2054.3851
Eligible Entity Participation and Selection 2054.5181
Cyberstar Program 2054.5191
Cybersecurity Training Required: Certain Employees and Officials 2054.5192
Cybersecurity Training Required: Certain State Contractors 2054.52001
Definitions 2054.52002
Establishment of Texas Volunteer Incident Response Team 2054.52003
Contract with Volunteers 2054.52004
Volunteer Qualification 2054.52005
Deployment 2054.52006
Cybersecurity Council Duties 2054.52007
Department Powers and Duties 2054.52008
Status of Volunteer 2054.52009
Civil Liability 2054.52010
Confidential Information

Accessed:
Jun. 5, 2024

§ 2054.515’s source at texas.gov

Stay Connected

Join thousands of people who receive monthly site updates.

Get Legal Help

The State Bar of Texas runs a service for finding an attorney in good standing. Initial consultations are usually free or discounted: Lawyer Referral & Information Service (LRIS)

Committed to Public Service

We will always provide free access to the current law. In addition, we provide special support for non-profit, educational, and government users. Through social entrepreneurship, we’re lowering the cost of legal services and increasing citizen access.

Navigate

California:	Codes
Colorado:	C.R.S.
Nevada:	NRS
New York:	Laws
Oregon:	OAR, ORS
Texas:	Statutes
World:	Rome Statute, International Dictionary

Location: https://texas.public.law/statutes/tex._gov't_code_section_2054.515

Original Source: Section 2054.515 — Agency Information Security Assessment and Report, https://statutes.capitol.texas.gov/Docs/GV/htm/GV.2054.htm#2054.515 (last accessed Jun. 5, 2024).