Collecting Metric 2.8

Non-User Privileged Network Accounts

1. Identify the characteristics that make your agency’s network accounts privileged.

   • These will be the same characteristics you identified in Step 1 of Metric 2.7. You can find examples on the FISMA Definitions and Additional Information pages.

2. Search the user repository (Active Directory) for accounts with the values identified in Step 1.

   • See the Tools & Tips section for examples of techniques to search Active Directory.
   • If you have a good way of directly identifying non-user privileged network accounts, for example a naming convention or group, this may speed up the process.

3. Since we’re looking for non-user accounts, exclude the accounts you identified in Metric 2.7.
4. Count the remainder and record the number for Metric 2.8.