In 2022, DIR released a significant update to the Texas Controls Catalog (TCC). Notably the catalog updated the control set alignment from NIST 800-53 revision 4 to r5. In this talk we will examine and present several examples of implementing the TCC at Texas Universities and State Agencies with a special focus on how to undertake an organization-wide assessment against the updated catalog. Topics addressed include: (1) Selecting baseline controls and tailoring controls to fit your EDU/agency; (2) Developing questions to assess the controls; (3) using binary responses vs maturity model or other custom responses; (4) Meaningful roll-up of your data for reporting; and (5) Using assessment data for next steps and action plans. In addition to examples from UT Austin, we will also include approaches from several other Texas EDUs and agencies.

Session Objectives: Attendees will learn how to scope an agency or Edu for TAC202/Texas Controls Catalog (TCC) assessments, understand some of the challenges to conducting an TCC based assessment and potential solutions used by other agencies, and learn end-to-end process for conducting a TTC (NIST 800-53r5) based assessment.

PLATINUM SPONSOR: SALTY CLOUD