...
What did the auditors do during the audit?
info coming soon
The auditors met weekly with the Virginia Tech InCommon Silver project leads. Initially, we discussed the scope of each IAP section and compliled a list of references, including documentation and technical personnel. The auditors read the referenced policy documents and interviewed technical personnel who explained, where applicable, how the policies were implemented and enforced in technology and software. Auditors performed vulnerability scans and examined configuration files. The auditors obtained eTokens and observed the procedures for identity proofing, registration, and certificate issuance. Certificates were examined to verify the Object identifier that corresponds to a Bronze or Silver credential.
Scope:
Gap Analysis:
Management Assertion:
...