Physical Access Standard

Medium

Purpose

To establish a physical security policy which will ensure servers and workstations are protected and to minimize the risk of unauthorized access to the state government network.

Standard

  1. All servers shall be located in an area of minimal traffic and physical access to the servers shall be restricted to authorized personnel. All visitors shall be logged in and escorted by an authorized person.
  2. All servers and workstations shall require logons.  Local guest and anonymous accounts shall be deactivated or deleted.  Servers and Workstations shall be either manually logged off or locked prior to leaving them unattended.
  3. All workstations shall have automatic screen locking active with a maximum of a 15-minute activation time.

Definition

State Government Network (Internal) - Used to outline the perimeter of the network infrastructure used solely for State Agencies and excludes other government branches, such as, K12, North Dakota universities, and other political sub-divisions attached externally to the State network.

Policy

To protect the state information technology infrastructure from unauthorized physical access.

Scope

This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.

Statement of Commitment

North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).

Non-Compliance

Non-compliance with this standard shall be reported to the Office of the State Auditor.


Revision Number: 2
Revision Date: 2017-06-27
Effective Date: 2005-07-18
Last Reviewed: 2021-01-05
Number: POL0020124