Texas SB 820 Cybersecurity Law

ComplianceForge Support

Texas SB 820, which goes into effect on 1 September 2019, requires every school district in Texas to adopt a cybersecurity policy, manage cybersecurity risk and assign a coordinator to oversee cybersecurity matters. This is a very concise law; the full text can be read at Texas SB 820.

The main requirements are:

(b) Each school district shall adopt a cybersecurity policy to:

(1) secure district cyberinfrastructure against cyber attacks and other cybersecurity incidents; and

(2) determine cybersecurity risk and implement mitigation planning.

(d) The superintendent of each school district shall designate a cybersecurity coordinator to serve as a liaison between the district and the agency in cybersecurity matters.

(e) The district's cybersecurity coordinator shall report to the agency any cyber attack or other cybersecurity incident against the district cyberinfrastructure that constitutes a breach of system security as soon as practicable after the discovery of the attack or incident.

(f) The district's cybersecurity coordinator shall provide notice to a parent of or person standing in parental relation to a student enrolled in the district of an attack or incident for which a report is required under Subsection (e) involving the student's information.

The good news is ComplianceForge has products to address this new law. We have policies, standards, procedures, incident response plans and more!

NIST SP 800‑53 R5 Control Families

This release includes a total of 1,189 controls, organized into 20 families:

  1. Access Control
  2. Awareness & Training
  3. Audit & Accountability
  4. Assessment, Authorization & Monitoring
  5. Configuration Management
  6. Contingency Planning
  7. Identification & Authentication
  8. Incident Response
  9. Maintenance
  10. Media Protection
  11. Physical & Environmental Protection
  12. Planning
  13. Program Management
  14. Personnel Security
  15. Personally Identifiable Information (PII) Processing & Transparency
  16. Risk Assessment
  17. System & Services Acquisition
  18. System & Communications Protection
  19. System & Information Integrity
  20. Supply Chain Risk Management

This count includes deprecated controls that have been removed or folded into others. Some controls are not categorized under baselines—low, moderate, high, or privacy—per NIST SP 800‑53B.

ComplianceForge provides full 1:1 mapping of all 20 families and their controls in its CDPP documentation.