...
What did the auditors do during the audit?
info coming soon
The auditors Virginia Tech's Internal Auditors were involved with the project from the beginning and were given full access to the project wiki space. When the audit phase began, the auditor assigned to the project met weekly with the Virginia Tech InCommon Silver project leads to gather information and ensure that project status was well communicated. Initially During initial meetings, we discussed the scope of each IAP section and compliled a list of references, including documentation and technical personnel who would be interviewed. The auditors read the referenced policy documents and interviewed technical personnel who explained their technical controls and, where applicable, how the policies were implemented and enforced in technology and software. Auditors performed vulnerability scans and examined configuration files. The auditors obtained eTokens and observed the procedures for identity proofing, registration, and certificate issuance. Certificates were examined to verify the Object identifier in each certificate that corresponds to a Bronze or Silver credential.
...