Child pages
  • Assurance Implementation Example - Virginia Tech

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

4.2.4 Credential Issuance and Management

    info coming soon

...

Scope:

...

Gap Analysis: 

Action item (identify section and sub-section)

Who (Univ. unit)

Type (documentation, infrastructure, procedure, Token Administration System)

Effort (Major, moderate, minor, complete)

4.2.4.2 Credential revocation or expiration – item #1 specifies the IdPO shall revoke Credentials or Tokens within 72 hours of being notified that a credential is invalid or compromised. We must document this in CPS and publish/enforce procedures.

SIES for draft language, PMA for approval

Documentation, procedure

minor

4.2.4.4 Credential issuance records retention – IdPO shall retain records of credential issuance and revocation for minimum of 180 days beyond expiration of the credential. VT User CPS states VTCA retains audit logs for 1 year.

PMA, SIES

documentation, Infrastructure, TAS

minor

...

 Management Assertion:

...

Evidence of Compliance:

...

4.2.5 Authentication Process

...