Virginia Tech used alternative means for the Credential Technology, IAP section 4.2.3. As described above, Virginia Tech's credential is a personal digital certificate (PDC) stored on the multi-factor SafeNet 64K USB eToken PRO device. The Shared Authentication Secret is the Private Key component of the X.509 certificate. The Private Key is generated onboard the eToken and cannot be exported off the device. Access to the Private Key is activated using a password that meets the requirements for "strong" resistance to guessing Authentication Secrets outlined in section 18.104.22.168. Virginia Tech asserts that the PDC on the eToken meets or exceeds the criteria outlined in section 4.2.3.
The process for submitting for certification using this alternative means first involved providing the auditor with evidence that the SafeNet 64K USB eToken PRO device would meet or exceed each of the criteria in IAP section 4.2.3. Details supporting our assertion are provided on the CIC Multi-factor Working Group page.