How do vendors get TX-RAMP certified?
There are three possible TX-RAMP certifications a vendor can receive depending on the sensitivity of the information or material they handle. DIR will define Low, Moderate, and High Impact information resources according to the Texas Administrative Code Chapter 202.1 and as determined by UTRGV.
Step 1 – Obtain level determination from UTRGV
The first step is to obtain your appropriate TX-RAMP level based on confidentiality requirements and the organizational impact determination from UTRGV. Once categorized, vendors must obtain TX-RAMP certification from Texas DIR and submit a TX-RAMP Assessment Request to Texas DIR before their provisional certification expires.
We strongly recommend that you do this today to avoid a lapse in contracted services due to non-compliance.
Step 2 – Obtain the required TX-RAMP Certification
Apply and complete certification.
Step 3 – Notify UTRGV and submit a copy of the DIR TX-RAMP Certification
Submit a copy of the DIR TX-RAMP certificate and the corresponding product SKU number(s) to UTRGV via email to pmo@utrgv.edu and infosec@utrgv.edu.
Step 4 – Complete Requirements for Continuous Monitoring
TX-RAMP requires agencies to routinely assess and monitor their vendors to ensure that their security posture is acceptable to maintain their certification. Vendors who are certified through TX-RAMP will be required to fill out a quarterly or yearly (for TX-RAMP Level 2 and Level 1, respectively) vulnerability questionnaire from DIR. Afterward, agencies are responsible for analyzing the results and reporting any critical findings to DIR.
Step 5 – Vendor must notify UTRGV when they are no longer TX-RAMP certified
If TX-RAMP Certification is revoked, the vendor must notify UTRGV via email to pmo@utrgv.edu and infosec@utrgv.edu.
For more information on the TX-RAMP certification process, please visit:
- TX -RAMP Assessment Request for Vendors
- TX-RAMP Overview for Vendors
Contact Information:
For assistance with TX-RAMP, contact TX-RAMP@utrgv.edu.
For questions about how TX-RAMP certifications may affect procurement contracts, contact purchcontracts@utrgv.edu.
Resource Links:
Texas Senate Bill 475
Texas Department of Information Resources (DIR)
UTRGV Information Security
|
Like most modern organizations, UTRGV utilizes software to perform many essential tasks. Much of that software is accessible via a “cloud” computing structure typically shared by other businesses and organizations and not hosted on university property.
While these systems are effective, they are not perfect. To better protect state data from future cybersecurity threats, the state has implemented the Texas Risk and Authorization Management Program (TX-RAMP), which requires state agencies and institutions, including UTRGV, to only contract with cloud vendors that comply with TX-RAMP certification standards.
How do we know if our software is TX-RAMP compliant?
UTRGV’s Information Technology and Information Security departments are tasked with actively assessing all software utilized by University employees and students on an ongoing basis. However, this is a huge undertaking, and we need your help to ensure UTRGV successfully complies with this new law.
What do I need to do?
All faculty and staff members who make software procurement decisions must submit a Software Assessment Request when a new product/vendor has been identified for purchase or 60 days before renewing an existing product/vendor.
Please note the following:
We thank you for taking this critical step toward protecting UTRGV and our campus community.
|