Mobile Device Access Control Standard

Medium

Purpose

To establish security procedures for access to mobile devices thereby ensuring the reliability, accessibility, and security of such devices and the state network.

Standard

Any state-owned device, or any personally-owned device that synchronizes or stores state-owned data:

  1. Shall use a PIN that is a minimum of six (6) digits and has a maximum life of ninety (90) days.
  2. Shall automatically lock after five (5) minutes of inactivity.
  3. Shall be disabled after ten (10) successive invalid sign on attempts.  If a device becomes disabled, this means the device has all local information erased and must be reconfigured to connect to the State's servers.

Definition

Mobile Device - A mobile device is a handheld device with local storage, cameras and video recording capability which includes but is not exclusive to smart phones, smart watches and tablets.  Mobile devices support the synchronization of local data with a different location such as a laptop, server or automated cloud backup.

Guidance

This standard establishes minimum requirements only. Agencies are encouraged to review the security needs of their specific programs, applications, and systems and enhance the requirements as necessary. 

Policy

Provide a standard for mobile devices.

Scope

This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.

Statement of Commitment

North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).

Non-Compliance

Non-compliance with this standard shall be reported to the Office of the State Auditor.


Revision Number: 2
Revision Date: 2018-06-29
Effective Date: 2007-11-14
Last Reviewed: 2020-02-04
Number: POL0020123