DMCA

FERPA, GLBA & HIPAA

Federal laws that require the confidentiality of information include:

PCI

Payment Card Industry (PCI) compliance on the Texas A&M University campus is ultimately the responsibility of the organization that has elected to accept credit cards for payment. The Texas A&M Division of Finance facilitates the capacity for departments/organizations to accept credit cards.

As part of PCI compliance, Texas A&M Technology Services provides the approval process for network architectures and prepares the firewalls for the PCI environments. Vulnerability scans can also be run against PCI systems to check for potential weaknesses.

Any questions concerning PCI compliance can be directed to security@tamu.edu.

PCI Resources:

Texas Prohibited Technologies

On December 7, 2022, Governor Greg Abbott required all state agencies (including state institutions of higher education) to ban the video sharing application TikTok and other prohibited technologies from all state-owned devices and networks, citing the Chinese Communist Party’s ability to use the application to surveil Texans. Governor Abbott also directed the Texas Department of Public Safety (DPS) and the Texas Department of Information Resources (DIR) to develop a plan providing state agencies guidance on managing personal devices used to conduct state business.

On June 14, 2023, the state legislature passed SB 1893, which amended the Texas Government Code to add chapter 620: "USE OF CERTAIN SOCIAL MEDIA APPLICATIONS AND SERVICES ON GOVERNMENTAL ENTITY DEVICES PROHIBITED".

In July 2023 (updated Oct 2024), the Texas A&M University System Offices issued a systemwide security plan and directed all members to implement “administrative, operational or technical security controls” as necessary to comply with the prohibited technologies directives. Texas A&M University is implementing all requirements of this plan through several different technical and administrative controls.

To seek an exception as allowed under the executive order, please contact the Office of the CISO.

Texas Administrative Code

Texas A&M, as a State University, is required to comply with Texas Administrative Code, Title 1, Chapter 202 (TAC 202). TAC 202 assigns the ultimate responsibility for the security of information resources to the President of the University.

Responsibility to administer the information security requirements of TAC 202 institution-wide is granted to the university's Chief Information Security Officer (CISO). The head or director of a unit is responsible for ensuring that compliance with TAC 202 is maintained for any information resources owned and operated by the unit.

Annual Risk Assessment

Sections 71 and 75 of TAC 202 require that a risk assessment be performed and documented by units having ownership or custodial responsibility of information resources. These assessments must be performed at least annually using the Information Security Risk Assessment Procedures (ISRAP) published by the Texas A&M CISO. The Dean or Vice President for the division in which the unit resides must formally approve the results of the information security assessment and any associated risk management plans.

Control Catalog

Section 76 of TAC 202 requires the adoption of information security controls published by the Texas Department of Information Resources. This means that all security controls found in the Texas A&M Information Security Controls Catalog are mandatory unless otherwise specified.

More Information

More information and specific procedures are described in Texas A&M University SAP 29.01.03.M0.01 - Security of Electronic Information Resources.