Child pages
  • Assurance Implementation Example - Virginia Tech

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Virginia Tech's IdMS Operations are managed to resist various potential threats such as unauthorized intrusions and service disruptions that might result in false Assertions of Identity or other erroneous communications. 

Evidence of Compliance:

The  Virginia Tech User CA Certification Practice Statement describes controls for EJBCA software maintenance and security in sections 6.6.1 and 6.6.2. Section 6.7 specifies that Network Security Controls must be implemented to protect against known network attacks. Controls include up to date patching of operating system and application software, appropriate network boundary controls, turning off unused network ports and services, restricting installed software to that which is required to operate the CA. Login access to the VTCA and TAS requires the use of the eToken, issued at the Silver level. Audit logs and archives are maintained, with restricted access to those logs. Separation of duties for PKI roles is required and enforced through data base roles, and secured channels are used for all network communication. The servers are scanned daily by the Information Security Office. Disaster recovery plans are documented and tested.

Hardware for the VTCA and IdP is located in the Information Systems Building data center. All access to the building is monitored with video cameras, with entry doors requiring swipe cards. Additional biometric access is provided for machine room entry. Machine room visitors are required to have an escort and sign a log book. Fire suppression systems are installed, and cooling and other environmental factors are monitored. Power is backed by UPS and generator, with sufficient redundancy to provide a reliable operating environment. 

Our Shibboleth IdP is configured in a high availability environment to minimize system failures, but the database is a single point of failure. Should a failure occur, the result should be unavailability, not an inaccurate assertion.