Texas § 2063.408 CLOUD COMPUTING STATE RISK AND AUTHORIZATION MANAGEMENT PROGRAM.

Texas Statutes

§ 2063.408 — CLOUD COMPUTING STATE RISK AND AUTHORIZATION MANAGEMENT PROGRAM.

Texas § 2063.408

Code GVGovernment Code

This text of Texas § 2063.408 (CLOUD COMPUTING STATE RISK AND AUTHORIZATION MANAGEMENT PROGRAM.) is published on Counsel Stack Legal Research, covering Texas primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

Tex. Government Code Code Ann. § 2063.408 (2026).

Text

Sec. 2063.408. CLOUD COMPUTING STATE RISK AND AUTHORIZATION MANAGEMENT PROGRAM.

(a)In this section, "cloud computing service" has the meaning assigned by Section 2157.007 .

(b)The command shall establish a state risk and authorization management program to provide a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency. The program must allow a vendor to demonstrate compliance by submitting documentation that shows the vendor's compliance with a risk and authorization management program of:

(1)the federal government; or

(2)another state that the command approves.

(c)The command by rule shall prescribe:

(1)the categories and characteristics of cloud computing services subject to the s

Free access — add to your briefcase to read the full text and ask questions with AI

Sec. 2063.408. CLOUD COMPUTING STATE RISK AND AUTHORIZATION MANAGEMENT PROGRAM. (a) In this section, "cloud computing service" has the meaning assigned by Section 2157.007 .
(b) The command shall establish a state risk and authorization management program to provide a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency. The program must allow a vendor to demonstrate compliance by submitting documentation that shows the vendor's compliance with a risk and authorization management program of:
(1) the federal government; or
(2) another state that the command approves.
(c) The command by rule shall prescribe:
(1) the categories and characteristics of cloud computing services subject to the state risk and authorization management program; and
(2) the requirements for certification through the program of vendors that provide cloud computing services.
(d) A state agency shall require each vendor contracting with the agency to provide cloud computing services for the agency to comply with the requirements of the state risk and authorization management program. The command shall evaluate vendors to determine whether a vendor qualifies for a certification issued by the department reflecting compliance with program requirements.
(e) A state agency may not enter or renew a contract with a vendor to purchase cloud computing services for the agency that are subject to the state risk and authorization management program unless the vendor demonstrates compliance with program requirements.
(f) A state agency shall require a vendor contracting with the agency to provide cloud computing services for the agency that are subject to the state risk and authorization management program to maintain program compliance and certification throughout the term of the contract.
Transferred, redesignated and amended from Government Code, Section 2054.0593 by Acts 2025, 89th Leg., R.S., Ch. 331 (H.B. 150 ), Sec. 16, eff. September 1, 2025.