Cybersecurity Training 

KEY QUESTION: Are county employees and elected and appointed officials required by law to complete cybersecurity training?

MAIN REFERENCE POINTS:

Texas Government Code

• Section 772.012
• Section 2054.5191
• Chapter 2063.
  • Sections 102, 103, and 104

TALKING POINTS:

1. In 2019, the 86th Texas Legislature mandated cybersecurity training for certain county officials and employees under direction of the Texas Department of Information Resources (DIR). Changes were made by the 87th Texas Legislature and the 89th Texas Legislature.
2. In 2021, the 87th Texas Legislature added Texas Government Code Section 2054.5191 requiring local government employees and elected and appointed officials who have access to a local government computer system or database and use a computer to perform at least 25 percent of their required duties to complete annual cybersecurity training; this statute also applied to part-time employees if they met the 25 percent requirement.
3. In 2025, the 89th Texas Legislature passed House Bill 150 which transferred DIR’s cybersecurity functions to the newly established Texas Cyber Command and added Texas Government Code Section 103: “Each elected or appointed official and employee of a governmental entity who has access to the entity’s information resources or information resources technologies shall annually complete a cybersecurity training program…”
4. CJCAT Senior General Counsel Jim Allison noted that the 25 percent exception was added to Section 2054.5191 in 2021 while Section 2063.103 with no such exception was adopted in 2025. Under Government Code Section 311.025, “If statutes enacted at the same or different sessions of the legislature are irreconcilable, the statute latest in date of enactment prevails.” Since Section 2063.103 was the latest enacted, its provisions prevail, and annual cybersecurity training is required for all county officials and employees who have access to the county information resources or information resources technologies.
5. State law also requires cybersecurity training compliance for criminal justice division grants. (Section 772.012)
6. DIR, in consultation with the Texas Cybersecurity Council, was originally tasked with certifying at least five cybersecurity training programs. Cybersecurity-related content will transition from DIR’s website, https://bit.ly/county-cyber-train, to the Texas Cyber Command website, https://www.txcc.texas.gov/, in phases but will remain on the DIR website until migration milestones are completed, https://www.txcc.texas.gov/cybersecurity-transition.
7. Local governments must use a certified training program. There is not an exception for entities with a dedicated cybersecurity officer.
8. A link to the certified programs is available at https://bit.ly/county-cyber-train.
9. According to law, counties shall verify and report on the completion of a cybersecurity training program by local government officials and employees who require training, *https://bit.ly/AI-certify; and require periodic audits to ensure compliance.
10. There is no deadline for annual training to be complete, but the compliance report must be filed by Aug. 31 on an annual basis.

*https://bit.ly/AI-certify is the reporting site for both cybersecurity training and AI training.