Texas Executive Order GA-48

An executive order is a directive from a state’s governor (or the President of the United States) that manages the operations of the state’s government. Executive orders have the force of law and must be followed by the state’s agencies and their employees (including Texas public institutions of higher education and their faculty and staff employees).

The Commerce Department has determined that the designated countries and foreign leader “have engaged in a long-term pattern of serious instances of conduct significantly adverse to the national security of the United States or security and safety” of individuals in the U.S.

Critical infrastructure is defined as a communication infrastructure system, cybersecurity system, IT infrastructure, electric grid system, hazardous waste treatment system, or water treatment facility. Texas Business & Commerce Code, section 117.001(2).

Communication infrastructure could include groupware, email, project management software, fax, phone, teleconferencing systems, and document management systems.

In general terms an IT infrastructure could include:

Hardware – servers, computers, network devices, storage systems, and peripheral devices

Software – operating systems applications, databases, virtualization, and other software programs that enable various functionalities within the infrastructure.

Networks – Networking components such as routers, switches, firewalls, and cables connect devices and facilitate data transmission across the infrastructure.

Data Centers – Centralized facilities that house servers, storage systems, and networking equipment. The data center provides a controlled environments with power, cooling, and security features to ensure optimal performance and data protection.

Cloud Systems – Cloud computing services, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), offer scalable and flexible solutions for infrastructure requirements.

Security Systems – Infrastructure security measures like firewalls, antivirus software, intrusion detection systems, and encryption technologies protect against unauthorized access, data breaches, and cyber threats.

IT Service Management (ITSM) – ITSM frameworks and tools enable efficient management of IT services, including incident management, change management, problem management, and service desk support.

Cybersecurity System – Cybersecurity refers to any technologies, practices and policies for preventing cyberattacks or mitigating their impact. Cybersecurity aims to protect computer systems, applications, devices, data, financial assets and people against ransomware and other malware, phishing scams, data theft and other cyberthreats.

No. At this time, faculty and staff employees are prohibited from traveling to these countries to conduct official university business. The executive order does not apply to business travel to Venezuela.

No. The executive order prohibits employees of all Texas public universities and state agencies from accepting any and all gifts from the designated countries, including paying for travel expenses.

No. Faculty and staff employees may travel to the designated countries for personal reasons. However, the order requires individuals to notify the university before departing to one of the countries on personal travel. The executive order also requires individuals to provide certain information about the trip upon return. The executive order does not apply to personal travel to Venezuela.

Faculty and staff employees must provide the required notice through Workday using the following Workday process:

Step 1: Login to Workday.

Step 2: In the search window type “Create Request” and press “Enter”

Step 3: In the search results, under Tasks and Reports, select “Create Request”

Step 4: When the dialog box appears, select the search window and then select “All” as the “Request Type” from the drop-down menu.

Step 5: Select “Certification of Travel to a Foreign-Adversary” and then select OK.

Step 6: Answer the following questions in the form:

-When do you intend to leave for travel?

-When do you plan to return from travel?

-Where do you intend to travel?

-Enter any other comments

The manager will receive a task and acknowledges receipt by submitting the task.

A task is triggered for the employee to complete a post-travel brief, and it remains in their Workday inbox until they return to work.

Faculty and staff employees must provide the required post-travel information through Workday using the following Workday process:

Upon submission of the required pre-travel report in Workday, a task is triggered for the employee to complete a post-travel brief, and it remains in their Workday inbox until they return to work.

Upon the employee’s return to work, the employee completes a similar post-travel questionnaire and selects submit.

The manager receives notification of the post-travel brief and closes the request.

The information is being collected solely for the purpose of complying with Executive Order GA-48. University Ethics and Compliance and/or Human Resources will retain the information in accordance with state records retention laws.

A covered agency or public institution of higher education cannot enter into a new contract, contract extension, or contract renewal for a good or service with any company, its holding companies or subsidiaries if they are:

a. Listed in Section 889 of the 2019 National Defense Authorization Act (NDAA); or

b. Listed in Section 1260H of the 2021 NDAA; or

c. Owned by the government of a country on the U.S. Department of Commerce’s foreign adversaries list under 15 C.F.R. § 791.4; or

d. Controlled by any governing or regulatory body located in a country on the U.S. Department of Commerce’s foreign adversaries list under 15 C.F.R. § 791.4.

If an employee is aware of an existing contract that meets one of these restrictions, they must contact University Ethics and Compliance (by emailing universitycompliance@pvamu.edu) who will coordinate a review with the Purchasing and Contracts office. This review will consider whether PVAMU can continue to use the vendor, what options exist to obtain the good or service from a different company, or if a different service is explored in order to meet the need if it is mission critical to the organization.

Successful bidders of goods or services will be required to certify to the following (or similar statement approved by TAMUS):

Respondent certifies that pursuant to Executive Order GA-48, Hardening of State Government, Respondent is not and, if applicable, none of its holding companies or subsidiaries or subcontractors are a) listed in Section 889 of the 2019 National Defense Authorization Act (“NDAA”) regarding telecommunications and video surveillance; b) listed in Section 1260H of the 2021 NDAA regarding Chinese military companies in the US; c) owned by the government of a country on the U.S. Department of Commerce’s foreign adversaries list under 15 C.F.R. § 791.4 (“15 C.F.R. § 791.4 List”); or d) controlled by any governing or regulatory body located in a country on the 15 C.F.R. § 791.4 List. Respondent acknowledges that a false certification is grounds for immediate termination of any resulting contract or purchase order with no further obligation on the part of A&M System.

To the extent that Executive Order GA-48, Hardening of State Government, is applicable to this Agreement, [CONTRACTING PARTY] represents and warrants that [CONTRACTING PARTY] is not and, if applicable, none of its holding companies or subsidiaries or subcontractors are a) listed in Section 889 of the 2019 National Defense Authorization Act (“NDAA”) regarding telecommunications and video surveillance; b) listed in Section 1260H of the 2021 NDAA regarding Chinese military companies in the US; c) owned by the government of a country on the U.S. Department of Commerce’s foreign adversaries list under 15 C.F.R. § 791.4 (“15 C.F.R. § 791.4 List”); or d) controlled by any governing or regulatory body located in a country on the 15 C.F.R. § 791.4 List. [CONTRACTING PARTY] acknowledges that a false certification is a material breach of contract and is grounds for immediate termination of this Agreement with no further obligation on the part of A&M System.

In accordance with recent revision of System Regulation 15.05.04, High Risk Global Engagements and High Risk International Collaborations, and PVAMU Rule 15.05.04.P1, High Risk Global Engagements and High Risk International Collaborations, employees must not accept any gift, including travel, from an entity associated with a Country of Concern, as defined by System Regulation 15.05.04. If a group representing one of these countries offers a gift, including travel, to an employee, the employee must promptly report the offered gift to University Ethics and Compliance by submitting a Country of Concern Contact Reporting Form (formerly Foreign Adversary Gift Reporting Form).

In accordance with recent revision of System Regulation 15.05.04, High Risk Global Engagements and High Risk International Collaborations, and PVAMU Rule 15.05.04.P1, High Risk Global Engagements and High Risk International Collaborations, employees are prohibited from participating in Malign Foreign Talent Recruitment Programs, as defined by System Regulation 15.05.04. Any employee who receives solicitations to participate in Malign Foreign Talent Recruitment Programs, as defined by System Regulation 15.05.04, must promptly notify University Ethics and Compliance by submitting a Country of Concern Contact Reporting Form.

Prairie View A&M University must include in the minimum qualifications of the job descriptions of all positions that research, work on, or have access to critical infrastructure as defined in Section 113.001(2), Business and Commerce Code, that a requirement to be hired for and to continue to be employed in that position is the ability to maintain the security or integrity of the infrastructure. Applicable positions which will be reviewed for this job description change include employees working within information technology, cybersecurity, telecommunications, utilities, EHS, facilities, water treatment, electrical grid, and hazardous waste management.

Further, all the above-described applicable personnel, and similarly situated state contractors, must be routinely reviewed to determine whether or not things such as criminal history or continuous connections to the government or political apparatus of a foreign adversary that might prevent the applicant, employee, or contractor from being able to maintain the security or integrity of the infra-structure.

Yes. PVAMU will be required to submit a certification confirming its full implementation of this plan this summer. This certification must be submitted to the System Ethics and Compliance Office on or before July 1, 2025, to facilitate the System’s certification to the Governor’s Office on or before August 1, 2025.