Purpose
To establish a physical security policy which will ensure servers and workstations are protected and to minimize the risk of unauthorized access to the state government network.
Standard
- All servers shall be located in an area of minimal traffic and physical access to the servers shall be restricted to authorized personnel. All visitors shall be logged in and escorted by an authorized person.
- All servers and workstations shall require logons. Local guest and anonymous accounts shall be deactivated or deleted. Servers and Workstations shall be either manually logged off or locked prior to leaving them unattended.
- All workstations shall have automatic screen locking active with a maximum of a 15-minute activation time.
Definition
State Government Network (Internal) - Used to outline the perimeter of the network infrastructure used solely for State Agencies and excludes other government branches, such as, K12, North Dakota universities, and other political sub-divisions attached externally to the State network.
Policy
To protect the state information technology infrastructure from unauthorized physical access.
Scope
This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.
Statement of Commitment
North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).
Non-Compliance
Non-compliance with this standard shall be reported to the Office of the State Auditor.