Â鶹ÊÓƵ

Technologies Prohibited by Regulation

On February 6, 2023, the State of Texas released a model plan as required by Governor Greg Abbott’s December 7, 2022, directive banning Tik Tok on all state agency owned devices and networks. This model plan includes additional Prohibited Technologies and detailed objectives intended to protect the state’s information resources and infrastructure. Additionally, the 88th Texas Legislature adopted Texas Government Code Chapter 620 (TGC §620) on June 14, 2023. This government code addresses the use of certain social media applications known as Covered Applications.

The model plan concerning Prohibited Technologies and TGC §620 requires each state agency to develop its own policies and procedures to support the implementation of these requirements. This page supports the Division of Information Technology and Â鶹ÊÓƵ in fulfilling this obligation and is a complement to the  Standards for Technologies Prohibited by Regulation and the Texas State University systems . [Link to PDF]

As required by the state of Texas, there are five (5) objectives applicable to every state agency and institution of higher education in Texas, including their employees, contractors, interns, and any users of state-owned networks. The following section includes the objectives and a summary of how these objectives impact Â鶹ÊÓƵ and its constituents.  and .

Objectives

FAQs

  • Why does Â鶹ÊÓƵ have to comply with the Governors Directive on Prohibited Technology.

Â鶹ÊÓƵ is a public university and a state agency and is therefore subject to complying with requirements set by the Office of the Governor, rules set by regulatory agencies, and legislative mandates passed into law. Further, the Texas State University System issues policies corresponding to similar compliance requirements.

 

  • What’s the difference between a Covered Application and a Prohibited Technology?
Table explains the difference between a Covered Application and a Prohibited Technology

Covered Applications

Prohibited Technologies

Limited to certain social media applications and services (e.g., TikTok).

Encompasses a broad set of software and hardware products and services.

Prohibition only applies to Â鶹ÊÓƵ-owned computers and mobile devices.

Broad set of technical and administrative requirements.

Exceptions are extremely limited. Law enforcement and Information Security Measures only. Â鶹ÊÓƵ has no authority to make exceptions.

Limited exceptions can be authorized by Â鶹ÊÓƵ President.

 

  •  What technologies are prohibited?

The DIR maintains a list of Prohibited Technologies, including software, applications, developers, hardware, equipment, and manufacturers, as well as technologies from any subsidiary or affiliate of an entity on DIR’s list (e.g., a software studio or child company partially owned by a listed entity). 

The list is available here: 

Covered Applications are identified by proclamation of the Governor. Presently the only technologies identified as Covered Applications are TikTok and other services from TikTok’s parent company ByteDance Ltd.

  •  Can I request an exception to access a technology prohibited by the Governor’s directive?

Faculty and staff may request exceptions for Prohibited Technologies. To request an exception, complete the Prohibited Technologies Exception Request Form. The form must include a business justification and be approved by the President. See the   page for more information.

Note: No exceptions may be authorized for social media services classified as Covered Applications under .

  • What’s a mobile device?

For this policy, mobile devices include but are not limited to laptops, smart phones, tablets, smart watches, and e-readers.

Visit our Definition Catalog for a full list of terms and definitions.

  •  Can I access TikTok (or other prohibited software) on Â鶹ÊÓƵ property as long as I’m using a personal device and my own data?

Â鶹ÊÓƵ does not manage user’s personal devices. Users with personal devices with prohibited technologies installed will be prohibited from entering sensitive locations and blocked on the Â鶹ÊÓƵ network if they connect to Â鶹ÊÓƵ-owned networks.

 

  • I’m a student, not a Â鶹ÊÓƵ employee, so why do these rules even apply to me?

These rules apply to all individuals accessing Â鶹ÊÓƵ-owned information resources.

  • I’m a student employee at Â鶹ÊÓƵ. If other students can have TikTok on their personal devices, why can’t I?

You may have prohibited technologies on personally owned devices. However, you cannot conduct university business from a personally owned device that contains prohibited technologies.

  • Can I access prohibited technologies if I live in Â鶹ÊÓƵ housing?

Yes, an exception has been granted for students who live in Â鶹ÊÓƵ housing and connect their personal devices to the Cardinal Village network via wireless or ethernet connection.

  • My student organization has a TikTok account. Do we have to delete it?

Sponsored student organizations should report the use of prohibited technologies via the form.

 

  • I’m a faculty member teaching a course at Â鶹ÊÓƵ that uses prohibited technology. What do I do?

Let us know the use of your prohibited technology by completing the form and representatives from the Information Technology Division will contact you with recommendations on next steps.

  • I’m a faculty/staff member, how does this impact my day-to-day?

This answer depends on the tools and technologies you use on a day-to-day basis. Employees who use only Â鶹ÊÓƵ-owned devices, software, and other technologies to do their job should experience little to no impact.

  • What do I do if I currently use a prohibited technology for Â鶹ÊÓƵ business?

Discontinue the use of the prohibited technology and let us know by completing the t form and representatives from the Information Technology Division will contact you with recommendations on next steps.

  • I’m an employee, and I have a prohibited technology on my personal mobile device. May I continue to check my Â鶹ÊÓƵ email, access the VPN, or log on to Canvas, Banner, SAP, or other Â鶹ÊÓƵ systems from this device?

No. Having prohibited technology on your personal device while conducting state business is prohibited. You need to remove the prohibited technology before continuing to use this device for university business. If you are required to conduct university business on this device and cannot or will not remove the prohibited technology, you should consult with your supervisor about what device(s) may be made available for performing your duties.

  • Is my home considered a sensitive location when working with Â鶹ÊÓƵ data?

No. Sensitive locations will be designated by Â鶹ÊÓƵ and will be marked as such.

  • I’m an employee using my personal device to work remotely. May I continue to do so?

It is recommended that a Â鶹ÊÓƵ-issued device be used to work remotely. However, if a personal device is being used to conduct university business, prohibited technologies cannot be installed.

  • Is my home network now prohibited from allowing devices with prohibited technology from connecting to it?

No. Objective 4’s requirements for network restrictions are limited to Â鶹ÊÓƵ-owned networks.

  • I have a personal device with prohibited technologies installed, can I respond to Duo notifications or calls to log on to my Â鶹ÊÓƵ Accounts?

Yes, within the scope of this prohibition, using your personal device as part of Duo Multi-Factor Authentication (MFA) is not considered conducting state business or university business.

  • I’m an employee of Â鶹ÊÓƵ, using my personal cell phone to text or call my coworkers about non-confidential work-related items. Is this allowed?

Yes, you are allowed to use your personal device to call or text your coworkers to conduct university business if you are not transmitting sensitive or confidential information.

  • I’m trying to purchase a piece of hardware, and I want to make sure it is compliant. Where do I go to check?

The DIR maintains a list of prohibited technologies, including software, applications, developers, hardware, equipment, and manufacturers, as well as technologies from any subsidiary or affiliate of an entity on DIR’s list (e.g., a software studio or child company partially owned by a listed entity).

  • I use my personal device to check my Â鶹ÊÓƵ email. Does it have to be enrolled in the university’s device management software?

No. Â鶹ÊÓƵ’s device management software is for university-owned devices.