The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique IT GRC issues that impact the industries we serve, including Retail, Financial Services, Healthcare, Higher Education, Software, Government and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Moving to the Cloud: Considerations for Implementing Cloud Migration Plans

    May 25, 2012, Kennet Westby, President and COO

    Over 60 executive level attendees came to the Omni Interlocken Resort in Broomfield, Colorado for the National Council of Higher Education Loan Programs (NCHELP) Spring convention and to hear from a panel of cloud experts on how the migration to cloud IT services could impact their business in the future.

    Posted in: cloud, compliance, security | 0 Comments

  • FISMA vs FedRAMP: Compliance requirement differences

    May 03, 2012, Tom McAndrew, EVP, Coalfire Federal

    Organizations that work with, or want to work with, government agencies must manage to government compliance regulations. Almost everyone is familiar with the FISMA compliance standards, but with the announcement of FedRAMP, which provides a structure to manage compliance requirements for "a cloud first initiative" for government agencies and organizations working with them, there’s a new set of compliance requirements to adhere to. Or is there?

    Posted in: assessments, compliance, federal, FedRAMP, FISMA | 0 Comments

  • Surprises Ahead for Some Level 2 Merchants

    April 12, 2012, Chris Lietz, Vice President, Marketing & Channels

    The PCI DSS has been around for years, and most PCI “pros” are familiar with the processes needed to validate compliance. However, insiders often forget that small changes to the guidelines can have a big impact on merchants.

    One such change is upon us: MasterCard’s new validation guidelines for Level 2 merchants that are scheduled to take effect on June 30, 2012.

    Posted in: compliance, merchant, pci | 0 Comments

  • RSA 2012: Mobile, Cloud, and Intelligent Control

    March 02, 2012, Rick Norman, Director, Professional Services

    It was good to catch up with our customers and partners at RSA 2012 this week. Much of the buzz this year was around mobile devices and securing the cloud. We were glad to see innovative organizations introducing compliance-validated architectures based on these emerging technologies. One such organization was Hewlett-Packard, a Coalfire client and business partner.

    Posted in: byod, cloud, compliance, RSA | 0 Comments

  • Formalized IT Security Policy Now Required for Government Prime and Sub-contractors

    January 20, 2012, Alan Ferguson, Executive VP, Sales and Marketing, Co-founder

    This month the GSA announced an IT security mandate for government prime- and sub-contractors that requires them to have a formalized IT security plan that includes periodic audits. Many government sub-contractors, large and small, will benefit from a third-party compliance program review so they can meet the intent of the rule but more importantly, they can promote an IT risk audit as a benefit to their customer base in their business development efforts. There are a large number of sub-contractors, including IT service providers, that will need to comply with this new mandate.

    Posted in: audit, cloud, compliance, federal, FedRAMP, FISMA, IT, program | 0 Comments
