Skip to main content

Prohibited Technology FAQs

General Questions

What’s the difference between a Covered Application and a Prohibited Technology?

Covered applications are limited to certain social media applications and services, such as TikTok. The prohibition against covered applications extends only to institution-owned devices, and exceptions are extremely limited to law enforcement and information security purposes.

Prohibited technologies are a broad set of hardware and software products and services specified by the Texas Department of Information Resources (DIR). The prohibition has a broad set of technical and administrative requirements that apply to both institution-owned devices and personally-owned devices used for state business.

Can I request an exception to access a technology prohibited by the Governor’s directive?

Faculty and staff may request exceptions for Prohibited Technologies. To request an exception, follow your institution's exception request process. The form must include a business justification and be approved by the institution head (university president or agency director).

No exceptions may be authorized for social media services classified as Covered Applications under Tex. Gov't Code Chapter 620.

What technologies are prohibited?

DIR maintains a list of Prohibited Technologies, including software, applications, developers, hardware, equipment, and manufacturers, as well as technologies from any subsidiary or affiliate of an entity on DIR’s list (e.g., a software studio or child company partially owned by a listed entity).

The list is available here: https://dir.texas.gov/information-security/prohibited-technologies

Covered Applications are identified by proclamation of the Governor. Presently the only technologies identified as Covered Applications are TikTok and other services from TikTok’s parent company, ByteDance Ltd.

Can I access TikTok (or other prohibited software) on Texas A&M University System property as long as I’m using a personal device and my own data?

The Texas A&M System does not manage user personal devices. Users with personal devices with prohibited technologies installed will be prohibited from entering sensitive locations and may be blocked on A&M System member networks if they connect to those networks.

Why does the Texas A&M System have to comply with the Governor’s Directive on Prohibited technologies?

The Texas A&M System and its members are public institutions of higher education and state agencies, and are therefore subject to complying with requirements set by the Office of the Governor, rules set by regulatory agencies, and legislative mandates passed into law. Further, the A&M System issues policies corresponding to similar compliance requirements.

Students

I’m a student, not a Texas A&M System employee, so why do these rules even apply to me?

These rules apply to all individuals accessing institution-owned information resources.

I’m a student employee at a Texas A&M System member. If other students can have TikTok on their personal devices, why can’t I?

You may have prohibited technologies on personally-owned devices. However, you cannot conduct state business from a personally-owned device that contains prohibited technologies.

Can I access prohibited technologies if I live in university housing?

Refer to your university's acceptable use policies for further information.

My student organization has a TikTok account. Do we have to we delete it?

Contact your university's information security office for guidance.

Faculty and Staff

I’m a faculty member teaching a course at a Texas A&M System institution that uses a prohibited technology. What do I do?

Contact your university's information security office for guidance.

I’m a faculty/staff member, how does this impact my day-to-day?

This answer depends on the tools and technologies you use on a day-to-day basis. Employees who use only institution-owned devices, software, and other technologies to do their job should experience little to no impact.

What do I do if I currently use a prohibited technology for state business?

Discontinue the use of the prohibited technology and contact your institution's information security office for guidance.

I’m an employee, and I have a prohibited technology on my personal mobile device. May I continue to check my A&M System member email, access VPN, log on to Workday, Banner, Concur, or other A&M System applications from this device?

No. Having prohibited technology on your personal device while conducting state business is prohibited. You need to remove the prohibited technology before continuing to use this device for state business. If you are required to conduct state business on this device and cannot or will not remove the prohibited technology, you should consult with your supervisor about what device(s) may be made available for performing your duties.

I have a personal device with prohibited technologies installed, can I respond to Duo/Microsoft Authenticator notifications or calls to log on to my A&M System accounts?

Yes, within the scope of this prohibition, using your personal device as part of Duo/Microsoft/etc. Multi-Factor Authentication (MFA) is not considered conducting state business.

I’m an employee using my personal device to work remotely. May I continue to do so?

It is recommended that an institution-issued device be used to work remotely. However, if a personal device is being used to conduct state business, prohibited technologies cannot be installed.

Is my home network now prohibited from allowing devices with prohibited technology from connecting to it?

No. Requirements set forth by objective four of the governor’s order for network restrictions are limited to institution-owned networks.

I’m an employee using my personal cell phone to text or call my coworkers about non-confidential work-related items. Is this allowed?

Yes, you are allowed to use your personal device to call or text your coworkers to conduct state business if you are not transmitting sensitive or confidential information.

I’m trying to purchase a piece of hardware and I want to make sure it is compliant. Where do I go to check?

DIR maintains a list of Prohibited Technologies, including software, applications, developers, hardware, equipment, and manufacturers, as well as technologies from any subsidiary or affiliate of an entity on DIR’s list (e.g., a software studio or child company partially owned by a listed entity).

The list is available here: https://dir.texas.gov/information-security/prohibited-technologies

I use my personal device to check my A&M System member email. Does it have to be enrolled in my institution's device management software?

No. Device management only applies to institution-owned devices.

Portions of the FAQs courtesy Texas State University.