Policy Code: 
Effective Date: 
Wednesday, November 14, 2007
Revision Number: 
Last Reviewed: 
Monday, August 5, 2013
Version Control: 
This is a new standard.


To establish security procedures for access to mobile devices thereby ensuring the reliability, accessibility, and security of such devices and the state network.


  1. A power-on password shall be used and shall at least be a 4-digit number
  2. Automatic device locking shall occur after five (5) minutes of inactivity
  3. When configurable, devices shall be disabled after ten (10) successive invalid sign on attempts. If a device becomes disabled, this means the device has all of its local information erased and it must be reconfigured to connect to the State’s servers.


Provide a standard for mobile devices.


This standard applies to all executive branch state agencies excluding the University Systems Office and other higher education institutions, i.e campuses and agricultural and research centers.


Mobile Devices
Personal digital assistants (PDAs) or smart phones that utilize the state network to perform synchronization.


  1. Power-on password characteristics have been established as minimum requirements.  Agencies are encouraged to review the security needs of their specific programs, applications, and systems and enhance the power-on password requirements as necessary.
  2. Incoming and outgoing calls are allowed when locked.


Non-compliance with this standard shall be reported to the Office of the State Auditor.

Drafted By

Security Architecture