Technologies Prohibited by Regulation

On February 6, 2023, the State of Texas released a model plan as required by Governor Greg Abbott’s December 7, 2022, directive banning Tik Tok on all state agency owned devices and networks. This model plan includes additional Prohibited Technologies and detailed objectives intended to protect the state’s information resources and infrastructure. Additionally, the 88^th Texas Legislature adopted Texas Government Code Chapter 620 (TGC §620) on June 14, 2023. This government code addresses the use of certain social media applications known as Covered Applications.

The model plan concerning Prohibited Technologies and TGC §620 requires each state agency to develop its own policies and procedures to support the implementation of these requirements. This page supports the Division of Information Technology and Texas State University in fulfilling this obligation and is a complement to Texas State’s Standards for Technologies Prohibited by Regulation and the Texas State University System’s Technologies Prohibited by Regulation Policy.

As required by the State of Texas, there are five (5) objectives applicable to every state agency and institution of higher education in Texas, including their employees, contractors, interns, and any users of state-owned networks. The following section includes the objectives and a summary of how these objectives impact Texas State University (TXST) and its constituents. The model plan for Prohibited Technologies can be viewed here and TGC §620 can be found here.

Expand FAQ List

Objective 1: Prohibit the download and use of prohibited technologies on any state-issued device.

Impact on TXST users: All university-owned devices must be enrolled in Device Management (DM) software that will enforce restrictions on Prohibited Technologies and Covered Applications, and provide greater abilities for the university to maintain control over its equipment and data.
Objective 2: Prohibit employees and contractors from conducting state business on prohibited technology-enabled personal devices.

Impact on TXST users: Faculty, staff, contractors, interns, and student workers are prohibited from installing, using, or operating prohibited technologies on any personally owned device used to conduct state business (i.e., university business).
For the purposes of this objective, "State Business" is defined as employees or contractors accessing university-owned information resources including, but not limited to, data, information systems, email accounts, non-public facing communications, telecommunication systems, and video conferencing.
Objective 3: Identify sensitive locations, meetings, and personnel within an agency that could be exposed to prohibited technology-enabled devices.

Impact on TXST users: “Sensitive locations” are physical or logical locations intentionally designated as a place routinely used by university employees or contractors to discuss confidential or sensitive information. TXST will identify and designate sensitive locations requiring additional protection and implement appropriate measures in accordance with the plan.
Required measures may include physical signage, prohibiting unauthorized devices from entering the locations, and requiring visitors to adhere to the same requirements unless the visitor is the owner or subject of the meeting, as would be the case when a student speaks with their professor, academic advisor, or counselor.
Spaces that are not inherently designated as a “sensitive location” may still be used to facilitate customary and essential communications and practices inherent to higher education. Additional and/or alternative safeguards may be applicable to minimize the effect of incidental information disclosures that may occur in such spaces (e.g., classrooms used for academic courses, lobbies, or waiting rooms).
Objective 4: Implement network-based restrictions to prevent the use of prohibited technologies on agency networks by any prohibited technology-enabled personal device.

Impact on TXST users: TXST will block access to prohibited technologies on all TXST networks, except Residence Hall networks, to prevent the download, installation, and/or communication of devices to prohibited technologies. Personal devices with prohibited technologies will be prohibited from connecting to university networks.
Objective 5: Coordinate the incorporation of any additional technology that poses a threat to state’s sensitive information and critical infrastructure into this plan.

Impact to TXST users: The Texas Department of Information Resources (DIR) and The Department of Public Safety (DPS) will update the list of prohibited technologies as necessary. TXST will leverage the list to implement the removal and prohibition of prohibited technologies and prohibit the use, acquisition, and/or reimbursement for purchases of any prohibited technologies.

Exceptions

Covered Applications: Exceptions for Covered Applications may only be approved to enable law-enforcement or information security measures. No other exceptions may be authorized for Covered Applications.

Prohibited Technologies: As detailed in the Standards for Technologies Prohibited by Regulation, exceptions to the TSUS Technologies Prohibited by Regulation policy may only be authorized by the university’s President and must be reported to the DIR.

To request an exception, begin by submitting the Exception Request Form.
If you have questions or need to report use of prohibited technologies, contact us by completing this brief form.

FAQs

Expand FAQ List

General Questions

What’s the difference between a Covered Application and a Prohibited Technology?

Covered Applications	Prohibited Technologies
Limited to certain social media applications and services (e.g., TikTok)	Encompasses a broad set of software and hardware products and services
Prohibition only applies to TXST-owned computers and mobile devices	Broad set of technical and administrative requirements
Exceptions are extremely limited. Law enforcement and Information Security Measures only. TXST has no authority to make exceptions	Limited exceptions can be authorized by the TXST President.

Can I request an exception to access a technology prohibited by the Governor’s directive?

Faculty and staff may request exceptions for Prohibited Technologies. To request an exception, complete the Exception Request Form. The form must include a business justification and be approved by the President. See the Standards for Technologies Prohibited by Regulation page for more information.
Note: No exceptions may be authorized for Social media services classified as Covered Applications under TGC §620.
What’s a mobile device?

For this policy, mobile devices include but are not limited to laptops, smart phones, tablets, smart watches, and e-readers.
Visit our glossary for a full list of terms and definitions.
What technologies are prohibited?

The DIR maintains a list of Prohibited Technologies, including software, applications, developers, hardware, equipment, and manufacturers, as well as technologies from any subsidiary or affiliate of an entity on DIR’s list (e.g., a software studio or child company partially owned by a listed entity).

The list is available here: https://dir.texas.gov/information-security/prohibited-technologies
Covered Applications are identified by proclamation of the Governor. Presently the only technologies identified as Covered Applications are TikTok and other services from TikTok’s parent company ByteDance Ltd.
Can I access TikTok (or other prohibited software) on Texas State property as long as I’m using a personal device and my own data?

TXST does not manage user’s personal devices. Users with personal devices with prohibited technologies installed will be prohibited from entering sensitive locations and blocked on the TXST network if they connect to TXST-owned networks.
Why does Texas State have to comply with the Governor’s Directive on Prohibited technologies?

Texas State University is a public university and a state agency and is therefore subject to complying with requirements set by the Office of the Governor, rules set by regulatory agencies, and legislative mandates passed into law. Further, the Texas State University System issues policies corresponding to similar compliance requirements.

Students
- I’m a student, not a TXST employee, so why do these rules even apply to me?
  
  These rules apply to all individuals accessing university-owned information resources.
- I’m a student employee at TXST. If other students can have TikTok on their personal devices, why can’t I?
  
  You may have prohibited technologies on personally-owned devices. However, you cannot conduct university business from a personally-owned device that contains prohibited technologies.
- Can I access prohibited technologies if I live in TXST housing?
  
  Yes, an exception has been granted for students who live in TXST housing and connect their personal devices to the TXST-Home network via wireless or ethernet connection. Devices connected to the TXST-Bobcats wireless network are not included in this exception.
- My student organization has a TikTok account. Do we have to we delete it?
  
  Sponsored student organizations should report use of prohibited technologies via this form.
Faculty and Staff
- I’m a faculty member teaching a course at TXST that uses a prohibited technology. What do I do?
  
  Let us know the use of your prohibited technology by completing this form and representatives from the Division of Information Technology will contact you with recommendations on next steps.
- I’m a faculty/staff member, how does this impact my day-to-day?
  
  This answer depends on the tools and technologies you use on a day-to-day basis. Employees who use only university-owned devices, software, and other technologies to do their job should experience little to no impact.
- What do I do if I currently use a prohibited technology for university business?
  
  Discontinue the use of the prohibited technology and let us know by completing this form and representatives from the Division of Information Technology will contact you with recommendations on next steps.
- I’m an employee, and I have a prohibited technology on my personal mobile device. May I continue to check my TXST email, access the VPN, or log on to Canvas, Banner, SAP, or other TXST systems from this device?
  
  No. Having prohibited technology on your personal device while conducting state business is prohibited. You need to remove the prohibited technology before continuing to use this device for university business. If you are required to conduct university business on this device and cannot or will not remove the prohibited technology, you should consult with your supervisor about what device(s) may be made available for performing your duties.
- Is my home considered a sensitive location when working with university data?
  
  No. Sensitive locations will be designated by Texas State and will be marked as such.
- I’m an employee using my personal device to work remotely. May I continue to do so?
  
  It is recommended that a university-issued device be used to work remotely. However, if a personal device is being used to conduct university business, prohibited technologies cannot be installed.
- Is my home network now prohibited from allowing devices with prohibited technology from connecting to it?
  
  No. Objective four’s requirements for network restrictions are limited to university-owned networks.
- I have a personal device with prohibited technologies installed, can I respond to Duo notifications or calls to log on to my TXST Accounts?
  
  Yes, within the scope of this prohibition, using your personal device as part of Duo Multi-Factor Authentication (MFA) is not considered conducting state business or university business.
- I’m an employee of the university using my personal cell phone to text or call my coworkers about non-confidential work-related items. Is this allowed?
  
  Yes, you are allowed to use your personal device to call or text your coworkers to conduct university business if you are not transmitting sensitive or confidential information.
- I’m trying to purchase a piece of hardware and I want to make sure it is compliant. Where do I go to check?
  
  The DIR maintains a list of prohibited technologies, including software, applications, developers, hardware, equipment, and manufacturers, as well as technologies from any subsidiary or affiliate of an entity on DIR’s list (e.g., a software studio or child company partially owned by a listed entity).
  
  View the DIR prohibited technologies list
- I use my personal device to check my TXST email. Does it have to be enrolled in the University’s device management software?
  
  No. TXST’s device management software is for university-owned devices.