Office of Information Technology

Overview

The Information Security Control Catalog establishes the minimum standards and controls for university information security in accordance with the state's Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202).

This Control Catalog aims to provide Texas A&M International University information owners and users with specific guidance for implementing security controls conforming to security control standards currently required in the Texas Department of Information Resources (DIR) Security Control Standards Catalog.

Each control group is organized under its two-letter group identification code and title, and the numbering format of the DIR Security Control Standards Catalog is adopted.

Public Vulnerability Disclosure Program

We are committed to maintaining a safe and secure environment for our users and the broader community. As part of our ongoing efforts to protect against potential threats, we encourage the responsible disclosure of security vulnerabilities in our products, services, and systems.

If you discover a vulnerability, we ask that you please follow the guidelines below to report it:

1. Report Responsibly: Please submit your findings privately, ensuring that the details are not shared publicly until we have had an opportunity to review and address the issue.
2. Provide Detailed Information: Include a clear and concise description of the vulnerability, steps to reproduce it, and any other relevant information that can assist our Security team in verifying and addressing the issue.
3. No Exploitation: We ask that you refrain from exploiting the vulnerability or accessing any data you are not authorized to view. The goal is to make the system safer for everyone, not cause harm.
4. Respect Privacy: If the vulnerability involves sensitive data, please do not access or disclose that data without authorization.

Our Commitment:

• We will acknowledge the receipt of your report as soon as possible.
• We will work to resolve the vulnerability promptly and keep you informed on the status.
• We aim to issue fixes and security updates as quickly as possible.
• When appropriate, we will publicly disclose the vulnerability and credit you for your contribution to making our systems more secure.

Thank you for helping us improve the security of our systems and protecting our community. Your efforts are vital in keeping everyone safe.

Please submit your report at https://cyber.tamus.edu/vuln-report/.

Texas A&M University System Cyber Operations serves as the central point of contact for public reporting of vulnerabilities in organizational systems and system components. Upon receiving a report from a public source, Cyber Operations will validate the report, determine the scope of impact across system members, implement global countermeasures to mitigate the immediate impact of the reported vulnerabilities across all affected members, and coordinate with information resource custodians to remediate the reported vulnerabilities for specific affected information systems.

Exclusions

The information resource owner or designee (e.g., custodian, user) is responsible for implementing the Security Control Catalog protection measures. Based on risk management considerations and business functions, the resource owner may request to exclude certain protection measures provided in a Control. All exclusions must be in accordance with the procedures highlighted in the Information Security Controls Exclusion Process.

Information Security
Office of Information Technology

Other Security Information

Cyber Awareness and Security