On January 31, 2025, DIR released an update to the prohibited technologies list to include the following software, applications, and developers:
We have released a set of frequently asked questions (FAQs) relating to covered applications and prohibited technology.
The FAQ page is available at https://cyber.tamus.edu/policy/guidelines/prohibited-technology/faq/.
As part of our implementation of security control standard RA-5(11), Public Disclosure Program, today we implemented a consolidated public reporting system for vulnerabilities of Texas A&M system information resources. Information regarding the program and the vulnerability reporting form is available at https://cyber.tamus.edu/vuln-report/.
We have also released the first version of a TAMUS standardized security.txt, a file format to aid in security vulnerability disclosure specified by RFC 9116. This file is published at https://cyber.tamus.edu/.well-known/security.txt and is also available for members to use on their respective institution websites.
We released today a series of administrative changes to the security control standards. The majority of these changes moved TAMUS Implementation Statement language into organizationally-defined parameters (ODP) within each control, as well as implementing control standards that reflect existing system policy and assigning an impact baseline for all TAMUS-required controls.
An updated Covered Applications and Prohibited Technology Plan, as required by Texas DIR and Texas DPS, was issued today. The updated plan incorporates the requirements of Texas Government Code Chapter 620 and revises the plan's language throughout.
The revised plan is available at https://cyber.tamus.edu/policy/guidelines/prohibited-technology/.
A revised System Regulation 29.01.03, Information Security, was released today. This revision:
The revised regulation is available at https://policies.tamus.edu/29-01-03.pdf.
The comment period for new security control standards regarding Identity Proofing (IA-12(2)) and Identity Evidence Validation and Verification (IA-12(3)) has closed and the new standards have been published in the A&M System Security Control Standards Catalog.
Because this is a time-sensitive procedural implementation to address actively-exploited cyber risks, the implementation date is effective September 1.
When developing your member-level procedures to implement this control standard, please also take into consideration distributed systems with user accounts for which organizations other than IT may be responsible (this includes HR for TAMUS SSO accounts, Provost/Enrollment Management/Alumni Affairs for prospective students, alumni, etc.) and ensure those administrators are properly briefed on the control requirement.
We have made slight modifications to the incident reporting process within the TAMUS ISAO Portal. Please see the updated instructions here: https://cyber.tamus.edu/policy/guidelines/incident-notification/submit-incident/
These changes simplify the steps necessary for members to submit incident reports, eliminates extraneous actions on the back-end for TAMUS Cyber, and allows for TAMUS Cyber to communicate back-and-forth with the reporting member directly within the TAMUS ISAO Portal.
Welcome to the Cybersecurity blog!
We will post any updates, changes, answers to questions, etc. regarding the A&M System's cybersecurity policy program here.
Related posts include System Regulation 29.01.03 (and other regulations that may have security implications), the security control standards catalog, their supporting guidelines, as well as useful information regarding the implementation of the standards.
Stay tuned!