Information Security Controls Catalog

The purpose of the Information Security Controls Catalog is to provide Texas state agencies and institutions of higher education with specific guidance for implementing security controls in a format to easily align with the National Institute of Standards and Technology Special Publications 800-53 Revision 5 (NIST 800-53 Revision 5).

This catalog specifies the minimum standards, required, to manage information security for all State of Texas agencies and their information resources.

Access Control | AC

Account Management | AC-2

Separation of Duties | AC-5

Least Privilege | AC-6

Unsuccessful Logon Attempts | AC-7

Permitted Actions without Identification or Authentication | AC-14

Remote Access | AC-17

Wireless Access | AC-18

Publicity Access Content | AC-22

Awareness & Training | AT

Literacy Training & Awareness | AT-2

Training Records | AT-4

Audit & Accountability | AU

Audit Record Review, Analysis, & Reporting | AU-6

Time Stamps | AU-8

Security Assessment & Authorization | CA

System Interconnections | CA-3

Security Authorization | CA-6

Configuration Management | CM

Impact Analysis | CM-4

Software Usage Restrictions | CM-10

User-Installed Software | CM-11

Contingency Planning | CP

Alternate Storage Site | CP-6

Information System Backup | CP-9

Identification & Authentication | IA

Identification & Authentication (Organizational Users) | IA-2

Authenticator Management | IA-5

Authenticator Feedback| IA-6

Re-Authentication | IA-11

Incident Response | IR

Incident Handling | IR-4

Incident Monitoring | IR-5

Incident Reporting | IR-6

Incident Response Assistance | IR-7

Maintenance | MA

Controlled Maintenance | MA-2

Maintenance Personnel | MA-5

Physical & Environmental Protection | PE

Physical Access Control | PE-3

Temperature & Humidity Controls | PE-14

Delivery & Removal | PE-16

Planning | PL

Rules of Behavior | PL-4

Program Management | PM

Information Security Program Plan | PM-1

Information Security & Privacy Resources | PM-3

Personnel Security | PS

Personnel Screening | PS-3

Personnel Termination | PS-4

Personnel Transfer | PS-5

Risk Assessment | RA

Risk Assessment | RA-3

Vulnerability Scanning | RA-5

System & Service Acquisition | SA

Allocation of Resources | SA-2

External Information System Services | SA-9

System & Communication Protection | SC

Boundary Protection | SC-7

Transmission Confidentiality & Integrity | SC-8

System & Information Integrity | SI

Malicious Code Protection | SI-3

Security Alerts, Advisories, & Directives | SI-5

Last updated: 3/13/2024

Contact Hours

Questions?