Texas TAC 220 Compliance and Assessment Guide Excel Free Download


What is Texas TAC 220?

Back in 2002, Legacy TAC 202 established a standard of security for Texas state agencies and institutions of higher education.

Setting security standards at the federal level is the Federal Information Security Management Act (FISMA). FISMA requires federal agencies and their contractors to secure their information systems and assets. The National Institute of Standards and Technology (NIST) develops standards and guidelines for FISMA.

TAC 202 has been revised to move it closer to FISMA and NIST 800-53. The Revised TAC covers agency responsibilities and includes a Control Standards Catalog.

Below you will see how the Revised TAC 202 aligns more closely with FISMA.

chart displaying how revised TAC 202 aligns with FISMA


Not all controls have been implemented when the Revised Texas TAC 202 went into effect in February 2015. Only the controls required in Legacy TAC  were required in 2015. The remaining controls will be sequenced as stated below:

Implementation Deadlines

Control Standards Catalog

The Control Standards Catalog was initiated to help state agencies and higher education institutions implement security controls. It specifies the minimum information security requirements that state organizations must comply to provide the appropriate level of security to the level of risk.

Click to see the new Control Standards Catalog.

Control Crosswalk

The Control Crosswalk maps Revised Texas TAC 202 to industry standards, regulatory requirements and compliance mandates. It relates the controls specified in Revised Texas TAC 202 to other requirements that agencies and higher education institutions may have for protecting information and systems.

The Control Crosswalk allows you to consolidate a lot of steps.  With the Control Crosswalk, you’ll be able to see at a glance how those requirements (fortate requirements, federal requirements, and even certain industry-specific requirements) intersect and prioritize your efforts.

Texas TAC 220 Risk Assessment and Gap Assessment

As part ofTexas TAC 220, your organization is required to have a formal risk assessment from a qualified 3rd party firm. Our comprehensive assessments are designed to help you prepare for your Texas TAC 220 audit, and our patented risk management methodology will save your company time and money by creating a customized control framework mapping, designed specifically for your organization.

>>Contact us for more information.

Texas TAC 220 Penetration Test

NightLion Security provides the advanced penetration testing services for web applications, databases, and internal infrastructure needed to protect your sensitive cardholder data and comply with Texas TAC 220.

>> Contact us for more information.

Texas TAC 220 Compliance Guide in XLS / CSV format

Subscribe to Download
Subscribe to immediately download your file

Oops! We could not locate your form.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.