Executive Order GA-48

GA-48

On November 19, 2024, Governor Greg Abbott issued Executive Order GA-48 relating to the hardening of State Government. The order requires state agencies and Texas institutions of higher education to harden state systems and protect critical infrastructure and information from being accessed by foreign adversaries. GA-48 specifically references countries, governments, and non-government persons pursuant to 15 CFR 791.4, Determination of foreign adversaries, and mandates restrictions on TVCC employee professional and personal activities related to such countries, governments, and non-government persons.

Please fill out our Pre-Travel Form. The Post-Travel Form will be emailed to you after you return from your trip.

An executive order is a directive from a state’s governor (or the President of the United States) that manages the operations of the state’s government.  Executive orders have the force of law and must be followed by the state’s agencies and their employees, including Texas public institutions of higher education.

The U.S. Secretary of Commerce determines “foreign adversaries” pursuant to 15 CFR 791.4 as “… foreign governments or foreign non-government persons..” that “… have engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons…” The Secretary’s determination is based upon multiple sources, and the Secretary periodically reviews and/or amends this list.

View the current list of countries on the Code of Federal Regulations website.

Critical infrastructure means a communication infrastructure system, cybersecurity system, electric grid system, hazardous waste treatment system, or water treatment facility as per Texas Business & Commerce Code, section 117.001(2) (formerly 113.001).  Cybersecurity is referenced to mean the measures taken to protect a computer, computer network, computer system, or other technology infrastructure against unauthorized use or access.

Communication infrastructure could include groupware, email, project management software, fax, phone, teleconferencing systems, and document management systems.

In general terms an IT infrastructure could include:

Hardware – servers, computers, network devices, storage systems, and peripheral devices

Software – operating systems applications, databases, virtualization, and other software programs that enable various functionalities within the infrastructure. 

Networks – Networking components such as routers, switches, firewalls, and cables connect devices and facilitate data transmission across the infrastructure.

Data Centers – Centralized facilities that house servers, storage systems, and networking equipment. The data center provides a controlled environments with power, cooling, and security features to ensure optimal performance and data protection.

Cloud Systems – Cloud computing services, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), offer scalable and flexible solutions for infrastructure requirements.

Security Systems – Infrastructure security measures like firewalls, antivirus software, intrusion detection systems, and encryption technologies protect against unauthorized access, data breaches, and cyber threats.

IT Service Management (ITSM) – ITSM frameworks and tools enable efficient management of IT services, including incident management, change management, problem management, and service desk support.

Cybersecurity System – Cybersecurity refers to any technologies, practices and policies for preventing cyberattacks or mitigating their impact. Cybersecurity aims to protect computer systems, applications, devices, data, financial assets and people against ransomware and other malware, phishing scams, data theft and other cyberthreats.

No. Professional travel to “Countries of Concern” is prohibited. GA-48 does not apply to business travel to Venezuela unless it is to do business with the Maduro Regime. Accepting gifts from “Countries of Concern” is also prohibited.

The information is being collected solely for the purpose of complying with Executive Order GA-48. TVCC retains the information in accordance with state records retention laws.

Yes. You are considered a full-time employee even without a summer appointment.

No. GA-48 prohibits employees from accepting gifts from “Countries of Concern” for professional purposes.

Yes. Allowing a “Country of Concern” to pay for publishing costs is considered a gift for professional purposes.

There are no waivers or exemptions.

Yes, however steps must be taken to ensure that no professional business is conducted while in the Country of Concern.

No. Since working abroad is considered professional activity, doing so in a "Country of Concern" is prohibited. TVCC does not allow any participation in a college related activity, access to college software platforms or networks, or travel with any college related data, equipment, or property.

No. GA-48 prohibits participation in programs such as the PRC Thousand Talents Program.