Prohibited Technologies & Covered Applications (Texas DIR)
Quick Overview
- Explains which technologies are prohibited under Texas DIR requirements
- Applies to anyone using SFA technology resources
- Includes both Covered Applications and Prohibited Technologies
- Personal devices used for work must also comply
The Texas Department of Information Resources (DIR) maintains an official list of Covered Applications and Prohibited Technologies that may not be installed, accessed, or used on state-owned devices or for official university business. These restrictions are required by Texas law and are intended to reduce cybersecurity, privacy, and data protection risks.
These requirements apply to endpoint devices used to access university systems and do not extend to consumer networking equipment involved solely in network connectivity or data transit.
Legal & Policy Background
- Texas Government Code, Chapter 620
- Governor of Texas directive on Covered Applications
- Texas Administrative Code (TAC) 202
- UT System and Stephen F. Austin State University information security policies
Key Definitions
Covered Applications
Covered Applications are specific applications identified by the State of Texas that are prohibited on government-issued devices and may not be used to conduct official university business.
Prohibited Technologies
Prohibited Technologies include software, services, or technology products that pose unacceptable security or data protection risks, including those produced by certain vendors and their affiliates.
Endpoint Device
An endpoint device is a system directly used by an individual to access university systems, data, or services, such as a workstation, laptop, mobile phone, or tablet. This term does not include intermediary infrastructure involved in network transit (e.g., home routers, consumer firewalls, ISPs, cellular carriers, or public Wi-Fi networks).
Important
Personal devices used for university business (email, VPN, file access, cloud services) must not have Covered Applications or Prohibited Technologies installed or running on the endpoint device itself if they are used to access university systems, data, or services.
Who This Applies To
- All faculty and staff
- Student employees and contractors
- Anyone using SFA-owned or SFA-managed devices
- Anyone using a personal endpoint device to access SFA systems or conduct official business
Required Actions
- Do not install or use prohibited technologies on SFA-owned devices.
- Remove prohibited technologies from any personal endpoint device used for work.
- Do not access SFA systems using endpoint devices that contain prohibited technologies installed or running on the device.
- Contact IT Security if you believe an exception is required for official business.
Clarification: The use of consumer networking equipment (such as home routers) does not, by itself, restrict access to SFA systems or data. These requirements apply to technologies installed on endpoint devices, not to passive network transit.
Limited exceptions may be permitted when required for legitimate business, research, or law enforcement purposes and must be reviewed and approved by Information Security in accordance with Texas DIR requirements.
Official Prohibited Technologies List
The authoritative and most up-to-date list is maintained by the Texas Department of Information Resources:
https://dir.texas.gov/information-security/covered-applications-and-prohibited-technologies
Need Help?
Contact the IT Help Desk at (936) 468-4357 (HELP).