TAC 202 is in close alignment with cybersecurity policies, standards and practices of the NIST 800-53 standards and allows us to benchmark ourselves against real-world standards that other industries use. It also let’s us speak a common language when we’re attempting to describe how we do cybersecurity in the A&M System. It aligns very nicely with Federal Information Security Management Act (FISMA) of 2002. This helps us know if we’re compliant with certain Federal requirements for cybersecurity, even if they don’t actually apply to us. Many federal agencies want to know that the universities they are dealing with have addressed cybersecurity and are contractually in compliance with these standards.
To understand what has changed with TAC 202, start here.
Once you understand TAC 202, consider the controls that are tied to TAC 202, how that impacts your organization and how you should implement those controls. To see the controls related to the new TAC 202, click here.
If you are really curious about how these controls map or compare to other control standards, including the old TAC 202, click here.