Notice of prohibited technologies security plan

UTA has been taking steps to follow Gov. Greg Abbott’s Dec. 7 directive to state agencies to ban the video-sharing application TikTok from all university-owned and state-issued devices and networks due to potential international government surveillance risks. To comply, the University has been restricting access to the app on UTA-owned computing devices and UTA wired and wireless networks.

Last week, the governor’s office issued a statewide model security plan that provided guidance on managing personal devices used to conduct state business and expanded the list of prohibited technologies. All state agencies, including The University of Texas at Arlington, were directed to develop their own prohibited technologies security policy and submit it to the state. UTA’s new standard, which took effect Feb. 15, 2023, can be found in the Handbook of Operating Procedures Information Security and Acceptable Use Policy.

As University leadership continues to evaluate the best ways to substantially comply with the model security plan, we want to be transparent about the plan’s impact on the UTA community. Here’s what you need to know.

The model security plan provides guidance on University-owned devices; personal devices belonging to faculty, staff, and students; and locations where sensitive information could be accessed.

Excluding specific approved exceptions, the use or download of these listed applications or technologies is prohibited on all University-owned devices, including cellphones, tablets, desktop and laptop computers, and other internet-capable devices.
Employees and contractors may not install or operate prohibited applications or technologies on any personal device that is also used to conduct University business, in accordance with UTA’s Acceptable Use Policy. University business includes accessing any University-owned data, applications, email accounts, nonpublic-facing communications, state email, VoIP, SMS, video conferencing, CAPPS, Texas.gov, and any other state databases or applications. For example, if you check your UTA employee email account on a personal device, you cannot download prohibited technologies to that device.
Unauthorized devices such as personal cellphones, tablets, or laptops may not enter sensitive locations, which includes any electronic meeting labeled as a sensitive location. A sensitive location is any location, physical or digital, that is used to discuss confidential or controlled information, as defined by the Information Security Office’s Data Classification Standard.

The University is taking these important steps to help address vulnerabilities presented by the use of TikTok and other technologies on personal and state-issued devices. These measures help protect both information contained in the University’s network and our critical infrastructure from potential international government surveillance risks.

What if I need to use a prohibited technology for research, course instruction, or class work?

The governor’s directive allows for exceptions to the policy to be directed by the agency head. Exceptions to the policy may be considered when the use of prohibited technologies is required for a specific business need. The University has requested exceptions for teaching and research, which are still pending with the University of Texas System.

We are appreciative of the UTA community’s understanding and flexibility as we work through these changes. For questions regarding the University’s new standard on prohibited technologies, please contact the Information Security Office at security@uta.edu.