I think the 90% reduction is in the number of people who have SysAdmin access. Not in the number of actual workers. I'm sure there are people there who have the SysAdmin access that probably don't need it and shouldn't have it. I would expect an org. like the NSA to do periodic checks of users "need to know" and amend permissions accordingly.

I work in IT at an USAF airbase and we are NOT allowed to connect anything to the USB ports except specific pieces of government HD's and floppies. Yes floppy drives. I heard in a new report on NPR that the NSA had no such restriction. But now they are considering it.