Tex. Gov't Code § 2063.408
(b) The command shall establish a state risk and authorization management program to provide a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency. The program must allow a vendor to demonstrate compliance by submitting documentation that shows the vendor's compliance with a risk and authorization management program of:
(c) The command by rule shall prescribe:
(f) A state agency shall require a vendor contracting with the agency to provide cloud computing services for the agency that are subject to the state risk and authorization management program to maintain program compliance and certification throughout the term of the contract.
Transferred, redesignated and amended from Government Code, Section 2054.0593 by Acts 2025, 89th Leg., R.S., Ch. 331 (H.B. 150), Sec. 16, eff. September 1, 2025.
Added by Acts 2021, 87th Leg., R.S., Ch. 567 (S.B. 475), Sec. 2, eff. June 14, 2021.