...
All users who have elevated access to a system or service will have a secondary account for solely used for tasks that require greater administrative access. The account will be tied to an individual user and that user will be responsible for keeping the account secure. The password for this account must follow the Network Password Requirements and cannot be the same as your personal account.
If available, the account should be stored in a University Controlled Password Manager.
Non-Person Accounts
A non-person account is created for a service, application or a group to gain access. The manager/owner of the account is responsible for the use of the account.
...
Service accounts are accounts that are designated for use for a particular service or application and have elevated privileges. They should be used only for the function that they were created for. A service account will be created for each function for a particular service or application and that . Tje account should abide by the rule of least privilege as described by NIST.
Service accounts will be created and follow the naming conventions as established in The the Privileged Access Standard.
If available, the account should be stored in a University Controlled Password Manager, if available. .
(Should we put specific password completely requirements on these accounts?)
Departmental Accounts
A departmental account is an account that is shared by a group to access department resources.
These accounts are not allowed any privileged access and are intended for use to access email, file shares, office suites, and web browsers.
Departmental accounts will not be granted administrative privileges on any system and should not be used to authenticate services or applications to Active Directory.
(Should we put specific password completely requirements on these accounts?)