The Statewide Portal for Enterprise Cybersecurity Threat, Risk, and Incident Management (SPECTRIM) is the new, web-based tool that Texas A&M University will use for annual Information Technology (IT) risk assessments as of FY 2016. It is provided by the Texas Department of Information Resources (DIR).

The Division of IT retired the old risk assessment tool, ISAAC, following the end of the FY 2015 risk assessment process. FY 2016 was used to develop procedures for implementing SPECTRIM university-wide in FY 2017. SPECTRIM measures IT compliance against the state's Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202).

A Security Control Standards Catalog was created by DIR to modernize TAC 202 and to conform with the current information security climate by adapting Annex F of the National Institute of Standards and Technology Special Publication 800-53 (NIST SP 800-53) to be applicable to the State of Texas. The NIST 800-53 catalog provides guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government.

SPECTRIM is built upon the RSA Archer Governance Risk and Compliance (GRC) platform for DIR and has other modules that the Division of IT is required by DIR to use for reporting purposes. One of the modules is called Incident Management and Analysis, which allows the Division of IT to report major IT incidents to DIR. The other module is called Agency Security Plan, which the Division of IT uses to submit the university security plan.