State Certified Cybersecurity Training Programs
The department, in consultation with the cybersecurity council established under Section 2054.512 (Cybersecurity Council) and industry stakeholders, shall annually:
certify at least five cybersecurity training programs for state and local government employees; and
update standards for maintenance of certification by the cybersecurity training programs under this section.
To be certified under Subsection (a), a cybersecurity training program must:
focus on forming information security habits and procedures that protect information resources; and
teach best practices for detecting, assessing, reporting, and addressing information security threats.
The department may identify and certify under Subsection (a) training programs provided by state agencies and local governments that satisfy the training requirements described by Subsection (b).
The department may contract with an independent third party to certify cybersecurity training programs under this section.
The department shall annually publish on the department’s Internet website the list of cybersecurity training programs certified under this section.
Notwithstanding Subsection (a), a local government that employs a dedicated information resources cybersecurity officer may offer to its employees a cybersecurity training program that satisfies the requirements described by Subsection (b).Added by Acts 2019, 86th Leg., R.S., Ch. 1308 (H.B. 3834), Sec. 3, eff. June 14, 2019.
measureable, flexible, and voluntary cybersecurity risk management programs for public and private entities to adopt to prepare for and respond to cyber incidents that compromise the confidentiality, integrity, and availability of the entities’ information systems;
appropriate training and information for employees or other individuals who are most responsible for maintaining security of the entities’ information systems;
consistency with the National Institute of Standards and Technology standards for cybersecurity;
public service announcements to encourage cybersecurity awareness; and
coordination with local and state governmental entities.
The state cybersecurity coordinator shall establish a cyberstar certificate program to recognize public and private entities that implement the best practices for cybersecurity developed in accordance with Subsection (a). The program must allow a public or private entity to submit to the department a form certifying that the entity has complied with the best practices and the department to issue a certificate of approval to the entity. The entity may include the certificate of approval in advertisements and other public communications.Added by Acts 2019, 86th Leg., R.S., Ch. 509 (S.B. 64), Sec. 17, eff. September 1, 2019.