Cybersecurity Training for State and Local Governments
Texas House Bill 3834
Enacted in 2020, this regulation requires that state employees complete annual mandatory training in cybersecurity awareness from a list of approved cyber security awareness training programs.
Who does Texas HB 3834 cover?
Texas HB3834 applies to state employees, but who falls within the scope of this bill? Below are the types of employees that are covered by HB 3834 training:
- State agencies: employees who work for state agencies and complete a minimum of 25% or more of their duties at a computer, as well as officers of the agency, both elected and appointed
- Local government entities: local government employees who have access to a computer system or database of the local government entity, and the local government’s elected officials
- Contractors of state agencies: contractors with access to state computer systems and databases must ensure completion of cybersecurity awareness training within the term of the contract as well as during the renewal period, if applicable.
What is a Certified Cybersecurity Training Program?
Texas Government Code 2054.519 State Certified Cybersecurity Training Programs requires Department of Information Resources (DIR), in consultation with the Texas Cybersecurity Council, to certify at least five cybersecurity training programs for state and local government employees and Section 2054.5191 requires state and local government employees and officials to complete a certified training program. The statute also requires state government contractors to complete a certified training program.
For school districts, annual training is required for the Cybersecurity Coordinator and elected/appointed officials who have access to local government systems and use a computer to perform 25% of their duties. Training of other school district employees is as determined by the district in consultation with the District Cybersecurity Coordinator.
Deer Park ISD uses Vendor-Provided KnowBe4 Cybersecurity Awareness Training for Texas to stay in compliance with HB3834.
Training Program CertificationTexas Government Code Section 2054.519(b) states that a cybersecurity training program must:
- Focus on forming information security habits and procedures that protect information resources
- Teach best practices for detecting, assessing, reporting, and addressing information security threats
For more information visit Department of Information Resources