We have added a new section to the Cybersecurity website to serve as a central landing place for all information relating to identity security.
The page is available at https://www.cyber.tamus.edu/identity.
The Texas A&M System Security Control Standards Catalog was updated today to incorporate NIST SP 800-53 Release 5.2.0. The update also included a cosmetic change to the catalog generation code to zero-pad control and enhancement numbers, consistent with NIST SP 800-53.
Effective immediately, the Texas A&M System is updating its guidance on multi-factor authentication (MFA) to enhance security across all system members.
The guidance is published at https://www.cyber.tamus.edu/restricted/guidelines/mfa.
As a result of recent federal and state government requirements and recommendation from General Counsel, the Texas A&M System has implemented a minimum standard of blocked countries for all publicly-accessible system information resources. This standard is reflected in the newly added system required control SC-07(11). The list of blocked countries is published at https://sso.tamus.edu/BlockedCountries.aspx and may be updated as circumstances dictate.
System Regulation 29.01.06 was released last week, which implements what was previously a policy letter from the System CIO to all members addressing covered applications and prohibited technology.
The guidelines page at https://www.cyber.tamus.edu/policy/guidelines/prohibited-technology/ has been updated to reflect these changes. The regulation is also available at https://policies.tamus.edu/29-01-06.pdf.
Today, TAMUS Cybersecurity released updated incident notification guidance for members to report incidents where the confidentiality, integrity, or availability of a member high-impact information system, or a system processing confidential information, is potentially compromised.
The updated guidance is available at https://www.cyber.tamus.edu/policy/guidelines/incident-notification/.
On January 31, 2025, DIR released an update to the prohibited technologies list to include the following software, applications, and developers:
We have released a set of frequently asked questions (FAQs) relating to covered applications and prohibited technology.
The FAQ page is available at https://www.cyber.tamus.edu/policy/guidelines/prohibited-technology/faq/.
As part of our implementation of security control standard RA-05(11), Public Disclosure Program, today we implemented a consolidated public reporting system for vulnerabilities of Texas A&M system information resources. Information regarding the program and the vulnerability reporting form is available at https://www.cyber.tamus.edu/vulnerability-disclosure-policy/.
We have also released the first version of a TAMUS standardized security.txt, a file format to aid in security vulnerability disclosure specified by RFC 9116. This file is published at https://www.cyber.tamus.edu/.well-known/security.txt and is also available for members to use on their respective institution websites.
We released today a series of administrative changes to the security control standards. The majority of these changes moved TAMUS Implementation Statement language into organizationally-defined parameters (ODP) within each control, as well as implementing control standards that reflect existing system policy and assigning an impact baseline for all TAMUS-required controls.