Statewide Cybersecurity Awareness Training
House Bill 1118 (87R) amends some of the cybersecurity training requirements for state and local governments. Here is a link to the bill text. Organizations are encouraged to confer with their legal counsel concerning specific requirements, or if there are additional questions. DIR will have the new certification form in place for the next training cycle for entities to verify compliance.
What is a Certified Cybersecurity Training Program?
Texas Government Code 2054.519, State Certified Cybersecurity Training Programs, requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees, and Section 2054.5191 requires state and local government employees to complete a certified training program. The sections that follow explain the annual timeline for certification of trainings, the training and reporting requirements for state agencies, local governments, and contractors, the certification requirements for cybersecurity training programs, and a listing of certified programs.
| Date | Responsible Party | Activity |
|---|---|---|
| Annually | All government entities | Train employees on certified training programs |
| March 15 - April 30 | DIR | DIR with consultation of the Texas Cybersecurity Council reviews requirements of the certified training programs |
| May 15 | DIR | Updated list of certification requirements published |
| June 1 | Training providers and government entities | Submission of training programs begins |
| July 31 | Training providers | Submission of training program ends |
| August 31 | DIR | New list of certified training providers published |
| August 31 | All government entities | Report completion of training submitted to DIR via the web form |
Annual Training Requirements
State and local governments are required to train their employees annually on a certified training program.
Employees required to complete the training are outlined in the table below.
| Entity Type | Training Required For | Training Due Date |
|---|---|---|
| State Agency Contractors | Contractors who have access to a state computer system or database | During the term of the contract and during any renewal period |
*State agency is defined in Chapter 2054 of Government Code, and includes a department, commission, board, office, council, authority, or other agency in the executive or judicial branch of state government that is created by the constitution or a statute of this state, including a university system or institution of higher education as defined by Section 61.003, Education Code. In addition, community colleges must comply with Texas Administrative Code Chapter 202 (TAC 202) and therefore must follow the training requirements for state agencies.
Exceptions to Training Requirements
The training requirements do not apply to employees and officials who have been:
- Granted military leave;
- Granted leave under the federal Family and Medical Leave Act of 1993 (29 U.S.C. Section 2601 et seq.);
- Granted leave related to a sickness or disability covered by workers' compensation benefits, if that employee no longer has access to the state agency's or local government's database and systems;
- Granted any other type of extended leave or authorization to work from an alternative work site if that employee no longer has access to the state agency's or local government's database and systems; or
- Denied access to a local government's computer system or database by the governing body of the local government or the governing body's designee for noncompliance with the training requirements.
No exceptions exist for state agency contractors.
Government entities must annually certify their compliance with the training requirements by August 31, using the Cybersecurity Training Certification for State and Local Governments. Note: The certification form will be updated for FY 21-22.
Government entities can track their compliance in any method they choose, and do not submit training records or employee certificates of completion to DIR.
Certified Training Programs
The list of certified training programs for FY 21-22 is below and is valid until August 31, 2022. Please note that these programs are certified for content, not other regulatory or statutory obligations.
Last Updated 11/22/2021
DIR Training Programs
DIR has developed a certified training. This video is offered free of charge, in English and Spanish, based on each organization's preference, to anyone who needs to meet the training requirements of Texas Government Code 2054.5191 or 2054.5192. This training does not provide tracking or certificates for employees or employers; employers will need to track their employees' completion in a method of their own choosing.
DIR Training Tracker
DIR has an optional tool, Texas by Texas (TxT), for government entities to track their employees' training compliance. For entities using TxT, employees will report their training completion, and DIR will send reporting from the TxT application to each government entity to verify training compliance. Organizations that wish to use TxT should indicate their interest by submitting the Texas By Texas Self Reporting Form. More details and information about TxT will be provided to the organizations that plan to use TxT.
Training Program Certification
Texas Government Code Section 2054.519(b) states that a cybersecurity training program must:
- Focus on forming information security habits and procedures that protect information resources; and
- Teach best practices for detecting, assessing, reporting, and addressing information security threats.
DIR, in consultation with the Texas Cybersecurity Council, publishes the criteria that training programs must meet to be certified.
There is no cost to have a training program reviewed for certification. Certifications are valid until August 31 and need to be renewed annually.
Training Program Certification Request
Applications for training program certifications are accepted annually from June 1 until July 31.
Applications for FY 21-22 training program certifications are no longer being accepted. If you'd like to request an exception, contact TxTrainingCert@dir.texas.gov.
Application Guide for Training Program Certification
Prepare your training program submission in advance by reviewing the application guide.
FY 21-22 Application Guide (PDF 292.75KB)
Local governments must annually certify their training compliance by August 31, using the Cybersecurity Training Certification for State and Local Governments.
Local governments can track their compliance in any method they choose, and will not submit training records or employee certificates of completion to DIR. Local governments also do not have to report their audits to DIR. Local governments should retain documentation with their training and auditing records.
DIR has an optional tool, Texas by Texas (TxT), for state and local governments to track their employees' training compliance. For governments using TxT, employees will report their training completion, and DIR will send reporting from the TxT application to each government entity to verify training compliance. Organizations that wish to use TxT should indicate their interest by submitting the House Bill 3834 Texas By Texas Self Reporting Form. More details and information about TxT will be provided to the organizations that plan to use TxT.