Information Security Program Plan (PM-1)

Under Texas Administrative Code §202.74, Institution Information Security Program, the university shall implement an information security program that includes protections, based on risk, for all information and information resources against unauthorized access, use, disclosure, modification, or destruction, including assuring the availability, confidentiality, and integrity of information.

Senior Information Security Officer (PM-2)

Texas A&M, as a State University, is required to comply with Texas Administrative Code, Title 1, Chapter 202 (TAC 202). TAC 202 assigns responsibility for the protection of information resources to the President of the University. For the purposes of this Control, the authority and responsibility regarding the university’s compliance with TAC 202 have been delegated by the President to the Chief Information Officer (CIO).

Information Security Resources (PM-3)

Texas Administrative Code (TAC), Rule §202.70(2) requires the head of each state institution of higher education or his/her designated representative(s) to allocate resources for ongoing information security remediation, implementation, and compliance activities that reduce risk to a level acceptable to the institution head.

Plan of Action and Milestone Process (PM-4)

The University shall develop and update a plan of action and milestone process for security information resources that documents the University’s planned, implemented, and evaluated remedial actions to correct deficiencies noted during the assessment of the security controls in order to reduce or eliminate known vulnerabilities in the system.

Information System Inventory (PM-5)

To properly assess risk for the University, information resource assets shall be clearly identified and inventoried.

Information Security Measures of Performance (PM-6)

Information Security Measures of Performance include assessments of risk, identification of corrective actions, and mitigation efforts to secure University information resources.

Enterprise Architecture (PM-7)

Reviewing the implementation of new technology infrastructure or modifications to existing technology infrastructure ensures that the use of information resources is in line with strategic goals.

Threat Awareness Program (PM-16)

The University is responsible for establishing and promoting a suitable and relevant threat awareness program to enhance awareness of University information security policies and procedures.