Texas A&M UniversityTechnology Services

Search this Site

Texas A&M University | Technology Services
Texas A&M UniversityTechnology Services
Implementing Executive Orders

Texas Prohibited Technologies

Background and Legal Authority

Texas A&M University must prohibit certain technologies and applications on state-owned devices and networks, and restrict their use on personal devices used for state business.

December 7, 2022

Governor Greg Abbott issued a directive requiring all state agencies to ban TikTok and other technologies from state-owned devices and networks due to national security concerns over potential surveillance capabilities.

June 14, 2023

The Texas Legislature passed Senate Bill 1893, adding Texas Government Code Chapter 620, which legally prohibits covered applications on governmental entity devices.

October 2024

The Texas A&M University System issued a comprehensive security plan requiring all member institutions to implement administrative, operational, and technical controls to comply with prohibited technology directives.

These requirements are now enforced through System Regulation 29.01.06 Covered Applications and Prohibited Technologies, which applies to all employees, contractors, interns, and users of university-owned networks.

What Technologies Are Prohibited?

There are two categories of restrictions:

  1. Covered Applications: Primarily social media applications like TikTok that are banned from institution-owned devices.
  2. Prohibited Technologies: A broader set of hardware and software products specified by the Texas Department of Information Resources (DIR) that have restrictions on both institution-owned and personally-owned devices used for state business.

DIR maintains the official list of prohibited technologies and covered applications at dir.texas.gov/information-security/covered-applications-and-prohibited-technologies. Both the hardware and software lists maintained by DIR include the blanket prohibition of “any subsidiary or affiliate of an entity listed above”. Only the System Office of General Counsel can determine whether a particular technology qualifies as a “subsidiary or affiliate” for the purposes of this regulation. Contact the IT Risk Management office (it-security@tamu.edu) with any questions, or for clarification about specific technologies.

Impact on University Operations

  • Institution-owned devices cannot have prohibited technologies installed or access covered applications.
  • Personal devices used for state business cannot have prohibited technologies installed while conducting university work.
  • University networks may block access to prohibited technologies and restrict devices with these technologies.
  • Purchasing decisions must consider whether hardware or software appears on the prohibited list.

Requesting Exceptions

Limited exceptions may be available for some prohibited technologies (but not for covered applications like TikTok):

  • Contact the Office of the CISO to request an exception
  • Provide detailed business justification for the technology
  • Exceptions require approval from the university president
  • No exceptions are permitted for covered applications under TGC Chapter 620

Frequently Asked Questions

Can I use TikTok on my personal device while on campus?

The university does not manage personal devices, but users with prohibited technologies may be blocked from university networks and prohibited from entering sensitive locations.

I'm a student employee. Can I have prohibited technologies on my personal device?

You may have prohibited technologies on your personal device, but you cannot conduct state business (university work) from that device while the prohibited technology is installed.

I’m a staff or faculty employee, and I use my personal phone to check my email or login to some university applications like Banner or Workday. Can I have prohibited technologies on my phone?

No, you cannot have prohibited technologies on any device that is used to conduct state business — and accessing your university-provided email or applications like Workday or Banner count as state business. You must uninstall any prohibited technologies from that personal device, or stop using it to conduct state business.

Can I use my personal device with prohibited technologies for multi-factor authentication?

Yes, using your personal device for Duo MFA notifications is not considered conducting state business under this prohibition.

What if I need to use a prohibited technology for my research or teaching?

Contact your university's information security office for guidance. You may be able to request an exception with proper justification.

How do I check if a technology I want to purchase is prohibited?

Check the DIR prohibited technologies list before making any purchases. When in doubt, consult with your local IT department or the Office of the CISO (it-security@tamu.edu).

I currently use prohibited technology for work. What should I do?

Discontinue use immediately and contact the IT Risk Management office (it-security@tamu.edu) for guidance on approved alternatives.

Last Modified: August 11, 2025