Statewide Cybersecurity Awareness Training

On this page:

About the Certified Cybersecurity Training Programs

Annual Timeline

Annual Training Requirements by Organization Type

Reporting Requirements

What is a Certified Cybersecurity Training Program? 

Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires DIR, in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees and officials to complete a certified training program. The statute also requires state government contractors to complete a certified training program.

Annual Timeline

Date Entity Description
Annually All government entities Train employees on certified training programs
March 15 - April 30 DIR DIR with consultation of the Texas Cybersecurity Council reviews requirements of the certified training programs
May 15 DIR Updated list of certification requirements published
June 1 Training providers and government entities Submission of training programs begins
July 31 Training providers Submission of training program ends
August 31 DIR New list of certified training providers published
August 31 All government entities Report completion of training submitted to DIR via the web form

Annual Training Requirements 

State and local governments are required to train their employees annually on a certified training program.

Employees required to complete the training are outlined in the table below.

Entity Type Training Required For Training Due Date
State Agencies*
  • Employees who use a government computer at least 25% of the employee's required duties
  • Elected or appointed officers of the agency
Annually
State Agency Contractors Contractors who have access to a state computer system or database During the term of the contract and during any renewal period
Local Governments
  • Employees, elected officials, and appointed officials who have access to a local government computer system or database and use a computer to perform at least 25 percent of their duties.
  • For school districts, only the district's cybersecurity coordinator is required to complete annual cybersecurity training.  Any other school district employee required to complete the cybersecurity training shall complete the training as determined by the district, with the district's cybersecurity coordinator. Elected officials are subject to the 25% usage threshold.
Annually

*State agency is defined in Chapter 2054 of Government Code, and includes a department, commission, board, office, council, authority, or other agency in the executive or judicial branch of state government that is created by the constitution or a statute of this state, including a university system or institution of higher education as defined by Section 61.003, Education Code. In addition, community colleges must comply with Texas Administrative Code Chapter 202 (TAC 202) and therefore must follow the training requirements for state agencies.

Exceptions to Training Requirements

The training requirements do not apply to employees and officials who have been:

  • Granted military leave;
  • Granted leave under the federal Family and Medical Leave Act of 1993 (29 U.S.C Section 2601 et seq.);
  • Granted leave related to a sickness or disability covered by workers' compensation benefits, if that employee no longer has access to the state agency's or local government's database and systems;
  • Granted any other type of extended leave or authorization to work from an alternative work site if that employee no longer has access to the state agency's or local government's database and systems; or
  • Denied access to a local government's computer system or database by the governing body of the local government or the governing body's designee for noncompliance with the training requirements. 

No exceptions exist for state agency contractors.

Reporting Training

Government entities must annually certify their compliance with the training requirements by August 31, using the Cybersecurity Training Certification for State and Local Governments

Government entities can track their compliance in any method they choose, and do not submit training records or employee certificates of completion to DIR. 

Training Programs 

Certified Training Programs

The list of certified training programs for FY 23-24 is below, and valid until August 31, 2024. Please note that these programs are certified for content, not other regulatory or statutory obligations.

Download the Certified Training Programs (PDF 362.86 KB)

Last Updated 08/31/2023

DIR Training Programs

DIR has developed a certified training. This video is being offered free of charge, in English and Spanish, to anyone who needs to meet the training requirements of Texas Government Code 2054.5191 or 2054.5192 and based on each organization's preference.  This training does not provide tracking or certificates for employees or employers; employers will need to track their employees' completion in a method of their own choosing. 

Cybersecurity Awareness Training FY 23-24 (English)

Cybersecurity Awareness Training FY 23-24 (Spanish)

DIR Training Tracker

DIR has an optional tool, Texas by Texas (TxT), for government entities to track their employees' training compliance. For entities using TxT, employees will report their training completion, and DIR will send reporting from the TxT application to each government entity to verify training compliance.  Organizations that wish to use TxT should indicate their interested by submitting the Texas By Texas Self Reporting Form.  More details and information about TxT will be provided to the organizations that plan to use TxT. 

Training Program Certification

Texas Government Code Section 2054.519(b) states that a cybersecurity training program must:

  1. Focus on forming information security habits and procedures that protect information resources; and
  2. Teach best practices for detecting, assessing, reporting, and addressing information security threats.

DIR, in consultation with the Texas Cybersecurity Council, publishes criteria for training programs to meet to be certified.

For FY 23-24, there is one new training program criterion: Best practices related to working remotely. Topics in this area may vary based on the audience and organizational policies, but some examples include guidelines for BYOD, managing home networks and network devices, VPN and public Wi-Fi usage, and/or common threats to remote workers.

Training programs that were certified in FY 22-23 and have had no changes can submit a recertification application beginning June 1. Recertifications will have an expedited review process and will only require submission of program content related to the new criterion.  Other training programs can submit a State and Local Government or Vendor application. 

FY 23-24 Security Awareness Training Program Certification Standards (PDF 102KB)

There is no cost to have a training program reviewed for certification.  Certifications are valid until August 31 and need to be renewed annually.

Training Program Certification Request

Applications for training program certifications are accepted annually from June 1 until July 31. 

Applications for FY 23-24 are no longer being accepted.  If you would like to request an exception, please contact [email protected].

Agencies must annually certify their employee and contractor training compliance by August 31, using the Cybersecurity Training Certification for State and Local Governments

Local governments must annually certify their training compliance by August 31, using the Cybersecurity Training Certification for State and Local Governments

Local governments can track their compliance in any method they choose, and will not submit training records or employee certificates of completion to DIR.  Local governments also do not have to report their audits to DIR. Local governments should retain documentation with their training and auditing records. 

DIR has an optional tool, Texas by Texas (TxT), for state and local governments to track their employees' training compliance. For governments using TxT, employees will report their training completion, and DIR will send reporting from the TxT application to each government entity to verify training compliance.  Organizations that wish to use TxT should indicate their interested by submitting the House Bill 3834 Texas By Texas Self Reporting Form.  More details and information about TxT will be provided to the organizations that plan to use TxT.  

Get Started

Find information and resources to certify your training program along with FAQs about training, reporting and program certification. 

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.