On February 6, 2023, Governor Greg Abbott released the requiredmodel plan for prohibited devices, developed jointly by the Texas Department of Public Safety (DPS) and the Texas Department of Information Resources (DIR), to protect Texas' information and infrastructure. This model plan includes state-prohibited technologies, required objectives, and the mandatory development and implementation of state agencies' policies, procedures, and objectives.
The model plan for prohibited technologies includes five objectives for every Texas state agency and institution of higher education, including their employees, students, contractors, interns, and any users of state-owned networks.
View the five objectives below and a summary of their impact on Sam Houston State University.
Objective 1:
Ban and prevent the download and use of prohibited technologies on any
state-issued device.
Impact on SHSU: All university-owned devices will be enrolled in Device Management (DM) software to detect prohibited technologies and enhance the ability for the university to maintain security over its equipment and data.
Objective 2:
Prohibit employees or contractors from conducting state business on prohibited technology-enabled personal devices.
Impact on SHSU: Faculty, staff, contractors, interns, and student workers are prohibited from
installing, using, or operating prohibited technologies on any personally owned device used to conduct university business.
For the purposes of this objective, University Business is defined as employees or contractors accessing component-owned information resources including, but not limited to, data, information systems, email accounts, non-public facing communications, telecommunication systems, and video conferencing.
Objective 3:
Identify sensitive locations, meetings, or personnel within an agency that could be exposed to prohibited technology-enabled personal devices and deny those devices entry or use in these sensitive areas.
Impact on SHSU:
“Sensitive locations” are physical or logical (such as video conferencing or electronic meetings) locations designated as a place routinely used by university employees or contractors to discuss confidential or sensitive information. SHSU will identify and designate sensitive locations requiring additional protection and implement appropriate measures in accordance with the plan.
Required measures may include physical signage, prohibiting unauthorized devices from entering the locations, and requiring visitors to adhere to the same requirements unless the visitor is the owner or subject of the meeting, as would be the case when a student speaks with their professor, academic advisor, or counselor.
Spaces that are not inherently designated as a “sensitive location” may still be used to facilitate customary and essential communications and practices inherent to higher education. Additional and/or alternative safeguards may be applicable to minimize the effect of incidental information disclosures that may occur in such spaces (e.g., classrooms used for academic courses, lobbies, or waiting rooms).
Objective 4:
Implement network-based restrictions to prevent the use of prohibited technologies on agency networks by any device.
Impact on SHSU: SHSU will block access to prohibited technologies on all SHSU networks, except Residence Hall networks, to prevent the download, installation, and/or communication of devices to prohibited technologies. Personal devices with prohibited technologies will be prohibited from connecting to university networks.
Objective 5:
Coordinate the incorporation of any additional technology that poses a threat to state's sensitive information and critical infrastructure into this plan.
Impact on SHSU: The Texas Department of Information Resources (DIR) and The Department of Public Safety (DPS) will update the list of prohibited technologies as necessary. SHSU will use the list to implement the removal and prohibition of prohibited technologies and prohibit the use, acquisition, and/or reimbursement for purchases of any prohibited technologies.
As detailed in theStandards for Technologies Prohibited by Regulation, exceptions to the TSUS prohibited technologies policy may only be authorized by the university’s President and must be reported to the DIR.
