This standard defines the minimum set of Security Alerts, Advisories, and Directives used by TSUS Components in the furtherance of meeting NIST Special Publication 800-53 SI-5, Security Alerts, Advisories, and Directives. The contents of this standard establish a floor for TSUS components. Component institutions may employ additive overlays that incorporate, detail, and extend requirements set by this standard.
Scope of this Standard
This standard applies to all TSUS Components and their Information Security Officers.
Publication and Updates
This standard was first published on March 27, 2026. This section will be updated when any updates or changes are made to this standard.
Definitions
Terms used in this standard have the meaning ascribed in the Information Security Glossary unless otherwise clarified in this section.
Mandatory Sources of Alerts, Advisories, and Directives
TSUS Component information security units must subscribe to or join the following sources to ensure timely receipt of alerts impacting the security of its information systems. Information Security Officers may find additional details regarding these services in the TSUS Cyber Resilience Program Standard Operating Procedures (SOP).
Cyber Hygiene Vulnerability Scanning (CyHy VS) – Each TSUS component institution will subscribe to CISA’s Cyber Hygiene Vulnerability scanning services. TSUS component ISOs will review reports received from the CISA and incorporate said guidance into the ISO’s threat and risk posture.
TX-ISAO Membership – Each TSUS component institution will become (and remain) a member of the Texas Information Sharing and Analysis Organization (TX-ISAO) TSUS component ISOs will review the TX-ISAO’s notifications and incorporate said guidance into the ISO’s threat and risk posture.
Dorkbot Services – Each TSUS component institution will retain Dorkbot monitoring services provided free of charge by the University of Texas at Austin. TSUS component ISOs will incorporate the information received from these reports into their cybersecurity response and security posture.
Shodan Domain Monitoring - Each TSUS component institution will retain Shodan domain monitoring services. TSUS component ISOs will incorporate the information received from these reports into their cybersecurity response and security posture.
HaveIBeenPwned Domain Monitoring – Each TSUS component institution will retain HaveIBeenPwned’s domain monitoring services. TSUS component ISOs will incorporate the information received from these reports into their cybersecurity response and security posture.
CISA Cybersecurity Advisories – Each TSUS component institution will subscribe to relevant advisories from the Cybersecurity & Infrastructure Security Agency (CISA). These advisories should include cybersecurity advisories and KEV advisories at a minimum.
FDA Safety Communications – Each TSUS component institution will subscribe to relevant Safety Communications from the US Food and Drug Administration (FDA).
Centralized Monitoring and Alerting
Pastebin Domain Monitoring – The TSUS CISO will monitor Pastebin for all TSUS component institution domains. The TXST Information Security Team will disseminate alerts received from Pastebin to the appropriate TSUS component institutions’ ISO.
Third Party Risk Monitoring – Each TSUS component ISO is responsible for monitoring the security posture of its contracted third parties including but not limited to cloud services. The TSUS ISO council will, if feasible, provide a common platform for the security posture monitoring of third parties.