Information Security Controls Catalog


The Information Security Controls Catalog establishes the minimum standards and controls for university information security in accordance with the state's Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202). The purpose of this Control Catalog is to provide West Texas A&M University information owners and users with specific guidance for implementing security controls conforming to security control standards currently required in the Texas Department of Information Resources (DIR) Security Control Standards Catalog, Version 2.0. Each control group is organized under its two-letter group identification code and title, and adopts the numbering format of the DIR Security Control Standards Catalog.


The information resource owner or designee (e.g., custodian, user) is responsible for ensuring that the protection measures in the Security Control Catalog are implemented. Based on risk management considerations and business functions, the resource owner may request to exclude certain protection measures provided in a Control. All exclusions must be in accordance with the procedures highlighted in the Information Security Controls Exclusion Process.

Access Controls

Awareness and Training Controls

Accountability Audit and Risk Management Controls

Security Assessment and Authorization Controls

Configuration Management Controls

Contingency Planning Controls

Identification and Authentication Controls

Incident Response Controls

Physical and Environmental Protection Controls

Planning Controls

Program Management Controls

Personnel Security Controls

Risk Assessment Controls

System and Services Acquisition Controls

System and Communication Protection Controls

System and Information Integrity Controls

Supply Chain Risk Management Controls