Texas House Bill 3834
In June of 2019, Texas State Legislature passed HB 3834, a bill requiring local and state government employees, and even state contractors, to complete a Department of Information Resources (DIR) approved cybersecurity awareness training program
Cyber Security Awareness Training
What is the purpose of Texas HB 3834?
Hackers are now targeting local and state municipalities across the country. In August of 2019 Texas alone, a cyber attack hit 23 Texas municipalities with a Ransomware attack
In fact, as I write this I just learned yet another Texas municipality Grayson county has been hit.
What constitutes a local government?
As defined in Chapter 2054 of Texas Government Code, local government includes a county, municipality, special district, school district, or other political subdivision of the state.
Do local governments have to use a certified training program?
Yes, local governments must use a certified training program, unless the local government employs a ‘dedicated information resources cybersecurity officer’ and has a cybersecurity training program that satisfies the requirements.
Which local government employees are required to complete annual cybersecurity awareness training?
Local government employees who have access to a local government computer system or database and elected officials are required to complete annual cybersecurity awareness training.
Do contractors of local governments have to complete cybersecurity awareness training?
No, the contractor training requirement only applies to state agencies. However, ensuring that contractors have appropriate awareness of cybersecurity best practices can be beneficial to any organization.
What is the definition of "dedicated information resources cybersecurity officer"?
An employee who: 1.) has responsibility for information security for their represented organization; 2.) possesses the training and experience required to administer cybersecurity functions; and 3.) has information security duties as their primary duty (primary is defined as greater than 50% of the employee's workload).
What steps are required to request a dedicated cybersecurity officer exception?
The cybersecurity officer will need to submit a form confirming they meet the exception requirements. Use the online Local Government Cybersecurity Training & Awareness Program Exception Form to submit an exception request.
If elected officials of the local government organization do not have access to a local government computer system or database, are they required to complete cybersecurity training?
Yes, elected officials are required to complete cybersecurity training regardless of whether they have access to a local government computer system or database.
How is the governing body defined?
As defined in Section 332 of Local Government Code, governing body means a governing body of a municipality or commissioners court of a county, or another body acting in place of the municipal governing body or commissioners court.
Do part-time employees of local governments have to complete cybersecurity training?
If part-time employees have access to a local government computer system or database, then yes, they are required to complete training.
Do appointed officials of local governments have to complete cybersecurity awareness training?
No, the local government training requirements apply to employees and elected officials. However, ensuring that everyone has appropriate awareness of cybersecurity best practices can be beneficial to any organization.