The information contained in this document is intended to assist in the implementation of an adequate computer security program for the protection of automated information resources within the various agencies of state government. The standards and guidelines contained herein constitute what the Department of Information Resources considers to be minimum requirements and are not intended to encompass all security concerns which a specific agency may encounter.
The security STANDARDS and POLICY set forth in this document have been adopted in Texas Administrative Code (1 TAC 201.13(b)) and as such should be considered as required procedures and controls to be implemented as part of an agency's information security program. The optional GUIDELINES contained herein are to assist agencies in the interpretation and implementation of the STANDARDS and are recommended as effective security practices which should be implemented where such controls are applicable, as determined by agency management.
Security standards serve as a basis for creation of common ground among agencies in the protection of the state's vital information resources. This common ground promotes safeguards in the sharing of data and trust in the interoperability among agencies in the performance of their responsibilities to the people of Texas.
The department encourages each agency to fully evaluate these standards and guidelines to determine whether more stringent requirements are necessary and appropriate given the individual agency's authority and duties, and directs each agency to complete implementation of an information resources security program consistent with these standards on or before September 1, 1997.