The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • Icebreaker: Chip Away at Active Directory Passwords, Automatically

    March 16, 2018, Dan McInerney, Senior Security Consultant, Coalfire

    To break the ice with Active Directory and shorten the cycles penetration testers spend on cracking passwords, I developed Icebreaker, a tool that automates network attacks against Active Directory and provides plaintext credentials. Icebreaker performs five network attacks in order...

    Read more
  • The Effect of NIST 800-171A on Government Contractors

    March 13, 2018, Mali Yared, Director, Cyber Risk Advisory, Coalfire

    NIST 800-171A has been widely discussed in our industry, and NIST has promised to release it sometime in 2018. It introduces a standardized opportunity to perform a more structured and granular level of assessment leveraging the National Institute of Science and Technology (NIST) Special Publication (SP) 800-171 framework.

    Read more
  • Managing Your Vulnerabilities, FedRAMP Style

    March 12, 2018, Dana Scaffido, Senior Consultant, Cyber Engineering, Coalfire

    As a member of Coalfire’s Cyber Engineering team, I frequently get questions about vulnerability Deviation Requests (DRs) from Cloud Service Providers (CSPs) seeking Federal Risk and Authorization Management Program (FedRAMP) authorizations. In this post, I’ll try to answer questions we frequently encounter about Deviation Requests and provide some useful resource links.

    Read more
  • Highlights from the HITRUST Third-Party Assurance Summit

    March 07, 2018, Andrew Hicks, Managing Principal, Coalfire

    The HITRUST TPA Summit brought together experts representing customers, vendors, and assessor firms in various aspects of risk management to share best practices, lessons learned and effective third-party risk management strategies leveraging the HITRUST CSF Assurance Program and HITRUST Assessment Exchange. Coalfire sent a team of healthcare experts to the Chicago event to meet with our HITRUST clients and folks from organizations who are thinking about a HITRUST journey. We were also there to find out what’s next for the HITRUST CSF, and we found out that the future is exciting!

    Read more
  • DFARS 7012 Compliance

    March 06, 2018, Mali Yared, Director, Cyber Risk Advisory, Coalfire

    At Coalfire, we field a lot of questions from government contractors about compliance with National Institute of Science and Technology (NIST) Special Publication (SP) 800-171. We also address requests for help with “DFARS 7012,” which is a commonly used shorthand for Defense Acquisition Regulation Supplement (DFARS) 252.204-7012. The information below should help to clarify some common questions around the purpose of each and links between them.

    Read more
  • Displaying results 1-5 (of 271)
     |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9 - 10  >  >| 

Recent Posts

Post Topics


RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)