Mobile Device Access Control Standard



To establish security procedures for access to mobile devices thereby ensuring the reliability, accessibility, and security of such devices and the state network.


Any state-owned device, or any personally-owned device that synchronizes or stores state-owned data:

  1. Shall use a PIN that is a minimum of six (6) digits and has a maximum life of ninety (90) days.
  2. Shall automatically lock after five (5) minutes of inactivity.
  3. Shall be disabled after ten (10) successive invalid sign on attempts.  If a device becomes disabled, this means the device has all local information erased and must be reconfigured to connect to the State's servers.


Mobile Device - A mobile device is a handheld device with local storage, cameras and video recording capability which includes but is not exclusive to smart phones, smart watches and tablets.  Mobile devices support the synchronization of local data with a different location such as a laptop, server or automated cloud backup.


This standard establishes minimum requirements only. Agencies are encouraged to review the security needs of their specific programs, applications, and systems and enhance the requirements as necessary. 


Provide a standard for mobile devices.


This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.

Statement of Commitment

North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).


Non-compliance with this standard shall be reported to the Office of the State Auditor.

Revision Number: 2
Revision Date: 2018-06-29
Effective Date: 2007-11-14
Last Reviewed: 2020-02-04
Number: POL0020123