Sec. 2054.515. AGENCY INFORMATION SECURITY ASSESSMENT AND REPORT. (a) At least once every two years, each state agency shall conduct an information security assessment of the agency's:
(1) information resources systems, network systems, digital data storage systems, digital data security measures, and information resources vulnerabilities; and
(2) data governance program with participation from the agency's data management officer, if applicable, and in accordance with requirements established by department rule.
Text of subsection as amended by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 7
(b) Not later than November 15 of each even-numbered year, the agency shall report the results of the assessment to:
(1) the department; and
(2) on request, the governor, the lieutenant governor, and the speaker of the house of representatives.
Text of subsection as amended by Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 10
(b) Not later than December 1 of the year in which a state agency conducts the assessment under Subsection (a) or the 60th day after the date the agency completes the assessment, whichever occurs first, the agency shall report the results of the assessment to:
(1) the department; and
(2) on request, the governor, the lieutenant governor, and the speaker of the house of representatives.
(c) The department by rule shall establish the requirements for the information security assessment and report required by this section.
(d) The report and all documentation related to the information security assessment and report are confidential and not subject to disclosure under Chapter 552. The state agency or department may redact or withhold the information as confidential under Chapter 552 without requesting a decision from the attorney general under Subchapter G, Chapter 552.
Added by Acts 2017, 85th Leg., R.S., Ch. 683 (H.B. 8), Sec. 11, eff. September 1, 2017.
Amended by:
Acts 2019, 86th Leg., R.S., Ch. 573 (S.B. 241), Sec. 1.16, eff. September 1, 2019.
Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 7, eff. June 14, 2021.
Acts 2021, 87th Leg., R.S., Ch. 856 (S.B. 800), Sec. 10, eff. September 1, 2021.
Structure Texas Statutes
Subtitle B - Information and Planning
Chapter 2054 - Information Resources
Subchapter N. -1. Cybersecurity
Section 2054.511. Cybersecurity Coordinator
Section 2054.512. Cybersecurity Council
Section 2054.514. Recommendations
Section 2054.515. Agency Information Security Assessment and Report
Section 2054.516. Data Security Plan for Online and Mobile Applications
Section 2054.518. Cybersecurity Risks and Incidents
Section 2054.5181. Cyberstar Program; Certificate of Approval
Section 2054.519. State Certified Cybersecurity Training Programs
Section 2054.5191. Cybersecurity Training Required: Certain Employees and Officials
Section 2054.5192. Cybersecurity Training Required: Certain State Contractors