Over the past few years, Columbia Advisory Group (CAG) has been instrumental in helping improve the State of Texas’ cybersecurity posture. CAG has completed over 200+ Texas Cybersecurity Framework (TCF) assessments of State of Texas Agencies and Higher Education Institutions.   The TCF is a NIST 800-53/171-based framework assessment for the Texas Department of Information Resources (DIR). The TCF offers a uniform language for addressing and managing cybersecurity risk cost-effectively, aiming to bolster cybersecurity without imposing additional regulatory burdens on agencies. The TCF is aligned with the NIST framework, offering five continuous functions that concurrently manage cybersecurity risks: Identify, Protect, Detect, Respond, and Recover. These functional areas are encapsulated within 42 total security control objectives, guiding organizations in identifying, assessing, and managing their unique cybersecurity risks.

CAG’s proficiency in handling these functions has been a cornerstone in successfully implementing the TCF. By comprehensively navigating through these security control objectives, CAG has enabled valuable insights into each agency’s cybersecurity posture, leading to the identification and resolution of potential vulnerabilities.

The TCF also incorporates a maturity model that helps organizations better understand, manage, and reduce cybersecurity risks. The concept of “maturity” in this context refers to the degree of implementation and optimization of processes, ranging from ad hoc practices to actively optimized processes. CAG’s adeptness in determining the maturity level of each security control objective has significantly aided the agencies in progressing towards higher maturity levels, thereby enhancing their cybersecurity readiness.

CAG’s extensive involvement in the execution of TCF assessments illustrates a deep understanding of the framework and a capacity to apply it effectively across a diverse range of agencies, including the TxDOT, Texas Tech University, Health and Human Services, PUC, Texas Parks, and Wildlife and the Secretary of State among others. CAG delivers up to 40 TCFs annually via an MSA with a Texas-based multinational service provider on the DIR contract.

CAG’s expertise and commitment to bolstering Texas’s cybersecurity landscape provide a compelling case study of a successful public-private partnership. CAG’s approach to the TCF has dramatically improved the digital resilience of the Texas public sector, demonstrating the potential for such collaborations to manage large-scale cybersecurity challenges successfully.

The story of CAG’s work with the Texas DIR illustrates how a public-private partnership, when underpinned by a deep understanding of an effective cybersecurity framework, can significantly enhance the security posture of public sector entities. The benefits of this approach extend far beyond cybersecurity readiness, fostering a more informed workforce that remains the first line of defense against cyber threats.