Privileged Access Risk Score Calculator

ANA›Life Services Authority›National Calculator Authority›Privileged Access Risk Score Calculator

.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }

Privileged Access Risk Score Calculator

Calculates a composite Privileged Access Risk Score (PARS) on a 0–100 scale by weighting account exposure, access breadth, authentication controls, and behavioral activity factors. Higher scores indicate greater risk requiring immediate remediation.

Total Privileged Accounts

Shared / Generic Privileged Accounts

Dormant Accounts (no login > 90 days)

Number of Critical Systems Accessible

Total Critical Systems in Environment

MFA Coverage on Privileged Accounts (%)

PAM Tool Coverage on Privileged Accounts (%)

Off-Hours Privileged Logins (last 30 days)

Total Privileged Logins (last 30 days)

Failed Privileged Login Attempts (last 30 days)

Calculate Risk Score —

function priCalc() { // --- Read inputs --- const totalAccounts = parseFloat(document.getElementById('pri-total-accounts').value); const sharedAccounts = parseFloat(document.getElementById('pri-shared-accounts').value); const dormantAccounts = parseFloat(document.getElementById('pri-dormant-accounts').value); const systemsAccess = parseFloat(document.getElementById('pri-systems-accessible').value); const totalSystems = parseFloat(document.getElementById('pri-total-systems').value); const mfaCoverage = parseFloat(document.getElementById('pri-mfa-coverage').value); const pamCoverage = parseFloat(document.getElementById('pri-pam-coverage').value); const offHoursLogins = parseFloat(document.getElementById('pri-offhours-logins').value); const totalLogins = parseFloat(document.getElementById('pri-total-logins').value); const failedLogins = parseFloat(document.getElementById('pri-failed-logins').value);

const resultDiv = document.getElementById('pri-result');

// --- Validation --- if ([totalAccounts, sharedAccounts, dormantAccounts, systemsAccess, totalSystems, mfaCoverage, pamCoverage, offHoursLogins, totalLogins, failedLogins].some(isNaN)) { resultDiv.innerHTML = 'Please fill in all fields.'; return; } if (totalAccounts Total Privileged Accounts must be at least 1.'; return; } if (totalSystems Total Critical Systems must be at least 1.'; return; } if (totalLogins Total Privileged Logins must be at least 1.'; return; } if (sharedAccounts > totalAccounts || dormantAccounts > totalAccounts) { resultDiv.innerHTML = 'Shared/Dormant accounts cannot exceed Total Privileged Accounts.'; return; } if (systemsAccess > totalSystems) { resultDiv.innerHTML = 'Systems Accessible cannot exceed Total Critical Systems.'; return; } if (mfaCoverage 100 || pamCoverage 100) { resultDiv.innerHTML = 'Coverage percentages must be between 0 and 100.'; return; } if (offHoursLogins > totalLogins) { resultDiv.innerHTML = 'Off-Hours Logins cannot exceed Total Logins.'; return; } if (failedLogins > totalLogins) { resultDiv.innerHTML = 'Failed Logins cannot exceed Total Logins.'; return; }

// --------------------------------------------------------------- // COMPONENT 1 — Account Exposure Score (weight = 0.30) // Shared Account Ratio + Dormant Account Ratio, averaged → [0,1] // --------------------------------------------------------------- const sharedRatio = sharedAccounts / totalAccounts; // 0–1 const dormantRatio = dormantAccounts / totalAccounts; // 0–1 const C1 = ((sharedRatio + dormantRatio) / 2) * 100; // 0–100

// --------------------------------------------------------------- // COMPONENT 2 — Access Breadth Score (weight = 0.25) // Ratio of critical systems reachable by privileged accounts // --------------------------------------------------------------- const C2 = (systemsAccess / totalSystems) * 100; // 0–100

// --------------------------------------------------------------- // COMPONENT 3 — Authentication Control Gap (weight = 0.25) // Average of MFA gap and PAM gap (inverted coverage) // --------------------------------------------------------------- const mfaGap = (100 - mfaCoverage) / 100; // 0–1 const pamGap = (100 - pamCoverage) / 100; // 0–1 const C3 = ((mfaGap + pamGap) / 2) * 100; // 0–100

// --------------------------------------------------------------- // COMPONENT 4 — Behavioral Activity Score (weight = 0.20) // Off-Hours Login Rate + Failed Login Rate, averaged → [0,1] // Failed login rate capped at 1 (can exceed total in edge cases) // --------------------------------------------------------------- const offHoursRate = offHoursLogins / totalLogins; // 0–1 const failedRate = Math.min(failedLogins / totalLogins, 1); // 0–1 const C4 = ((offHoursRate + failedRate) / 2) * 100; // 0–100

// --------------------------------------------------------------- // COMPOSITE PARS = Σ(weight_i × Component_i) // --------------------------------------------------------------- const W1 = 0.30, W2 = 0.25, W3 = 0.25, W4 = 0.20; const PARS = Math.min(100, Math.max(0, W1 * C1 + W2 * C2 + W3 * C3 + W4 * C4 ));

// --- Risk band --- let band, color; if (PARS ' + 'PARS: ' + PARS.toFixed(1) + ' / 100' + '' + '' + band + '' + '' + 'Component' + 'Score (0–100)Weight' + 'Contribution' + 'Account Exposure' + '' + C1.toFixed(1) + '' + '30%' + '' + (W1C1).toFixed(1) + '' + 'Access Breadth' + '' + C2.toFixed(1) + '' + '25%' + '' + (W2C2).toFixed(1) + '' + 'Auth Control Gap' + '' + C3.toFixed(1) + '' + '25%' + '' + (W3C3).toFixed(1) + '' + 'Behavioral Activity' + '' + C4.toFixed(1) + '' + '20%' + '' + (W4C4).toFixed(1) + '' + ''; }

#### Formula

PARS = 0.30 × C1 + 0.25 × C2 + 0.25 × C3 + 0.20 × C4

Where each component is scaled 0–100:

C1 — Account Exposure: [(Shared Accounts / Total Accounts) + (Dormant Accounts / Total Accounts)] / 2 × 100
C2 — Access Breadth: (Systems Accessible / Total Critical Systems) × 100
C3 — Authentication Control Gap: [(1 − MFA Coverage%) + (1 − PAM Coverage%)] / 2 × 100
C4 — Behavioral Activity: [(Off-Hours Logins / Total Logins) + min(Failed Logins / Total Logins, 1)] / 2 × 100

Risk Bands: 0–24 Low | 25–49 Moderate | 50–74 High | 75–100 Critical

#### Assumptions & References

Privileged Access Risk Score Calculator

Privileged Access Risk Score Calculator

More Calculators

Read Next

References

Privileged Access Risk Score Calculator

Privileged Access Risk Score Calculator

More Calculators

Read Next

References

Related Authorities