Information Security
Statewide Cybersecurity Awareness Training
On this page:
About the Certified Cybersecurity Training Programs
Annual Timeline
Annual Training Requirements by Organization Type
Reporting Requirements
What is a Certified Cybersecurity Training Program?
Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees and officials to complete a certified training program. The statute also requires state government contractors to complete a certified training program.
Annual Timeline
| Date | Entity | Description |
| Annually | All government entities | Train employees on certified training programs |
| March 15 - April 30 | DIR | DIR with consultation of the Texas Cybersecurity Council reviews requirements of the certified training programs |
| May 15 | DIR | Updated list of certification requirements published |
| June 1 | Training providers and government entities | Submission of training programs begins |
| July 31 | Training providers | Submission of training program ends |
| August 31 | DIR | New list of certified training providers published |
| August 31 | All government entities | Report completion of training submitted to DIR via the web form |
Annual Training Requirements
State and local governments are required to train their employees annually on a certified training program.
Employees required to complete the training are outlined in the table below.
| Entity Type | Training Required For | Training Due Date |
| State Agencies* |
|
Annually |
| State Agency Contractors | Contractors who have access to a state computer system or database | During the term of the contract and during any renewal period |
| Local Governments |
|
Annually |
*State agency is defined in Chapter 2054 of Government Code, and includes a department, commission, board, office, council, authority, or other agency in the executive or judicial branch of state government that is created by the constitution or a statute of this state, including a university system or institution of higher education as defined by Section 61.003, Education Code. In addition, community colleges must comply with Texas Administrative Code Chapter 202 (TAC 202) and therefore must follow the training requirements for state agencies.
Exceptions to Training Requirements
The training requirements do not apply to employees and officials who have been:
- Granted military leave;
- Granted leave under the federal Family and Medical Leave Act of 1993 (29 U.S.C Section 2601 et seq.);
- Granted leave related to a sickness or disability covered by workers' compensation benefits, if that employee no longer has access to the state agency's or local government's database and systems;
- Granted any other type of extended leave or authorization to work from an alternative work site if that employee no longer has access to the state agency's or local government's database and systems; or
- Denied access to a local government's computer system or database by the governing body of the local government or the governing body's designee for noncompliance with the training requirements.
No exceptions exist for state agency contractors.
Reporting Training
Government entities must annually certify their compliance with the training requirements by August 31, using the Cybersecurity Training Certification for State and Local Governments.
Government entities can track their compliance in any method they choose, and do not submit training records or employee certificates of completion to DIR.
Training Programs
Certified Training Programs
The list of certified training programs for FY 23-24 is below, and valid until August 31, 2024. Please note that these programs are certified for content, not other regulatory or statutory obligations.
Download the Certified Training Programs (PDF 362.86 KB)
Last Updated 08/31/2023
DIR Training Programs
DIR has developed a certified training. This video is being offered free of charge, in English and Spanish, to anyone who needs to meet the training requirements of Texas Government Code 2054.5191 or 2054.5192 and based on each organization's preference. This training does not provide tracking or certificates for employees or employers; employers will need to track their employees' completion in a method of their own choosing.
Cybersecurity Awareness Training FY 23-24 (English)
Cybersecurity Awareness Training FY 23-24 (Spanish)
DIR Training Tracker
DIR has an optional tool, Texas by Texas (TxT), for government entities to track their employees' training compliance. For entities using TxT, employees will report their training completion, and DIR will send reporting from the TxT application to each government entity to verify training compliance. Organizations that wish to use TxT should indicate their interested by submitting the Texas By Texas Self Reporting Form. More details and information about TxT will be provided to the organizations that plan to use TxT.
Training Program Certification
Texas Government Code Section 2054.519(b) states that a cybersecurity training program must:
- Focus on forming information security habits and procedures that protect information resources; and
- Teach best practices for detecting, assessing, reporting, and addressing information security threats.
DIR, in consultation with the Texas Cybersecurity Council, publishes criteria for training programs to meet to be certified.
For FY 23-24, there is one new training program criterion: Best practices related to working remotely. Topics in this area may vary based on the audience and organizational policies, but some examples include guidelines for BYOD, managing home networks and network devices, VPN and public Wi-Fi usage, and/or common threats to remote workers.
Training programs that were certified in FY 22-23 and have had no changes can submit a recertification application beginning June 1. Recertifications will have an expedited review process and will only require submission of program content related to the new criterion. Other training programs can submit a State and Local Government or Vendor application.
FY 23-24 Security Awareness Training Program Certification Standards (PDF 102KB)
There is no cost to have a training program reviewed for certification. Certifications are valid until August 31 and need to be renewed annually.
Training Program Certification Request
Applications for training program certifications are accepted annually from June 1 until July 31.
Applications for FY 23-24 are no longer being accepted. If you would like to request an exception, please contact [email protected].
Agencies must annually certify their employee and contractor training compliance by August 31, using the Cybersecurity Training Certification for State and Local Governments.
Local governments must annually certify their training compliance by August 31, using the Cybersecurity Training Certification for State and Local Governments.
Local governments can track their compliance in any method they choose, and will not submit training records or employee certificates of completion to DIR. Local governments also do not have to report their audits to DIR. Local governments should retain documentation with their training and auditing records.
DIR has an optional tool, Texas by Texas (TxT), for state and local governments to track their employees' training compliance. For governments using TxT, employees will report their training completion, and DIR will send reporting from the TxT application to each government entity to verify training compliance. Organizations that wish to use TxT should indicate their interested by submitting the House Bill 3834 Texas By Texas Self Reporting Form. More details and information about TxT will be provided to the organizations that plan to use TxT.
Get Started
Find information and resources to certify your training program along with FAQs about training, reporting and program certification.