The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • NIST SP 800-171A Assessment: Finalized Assessment Objectives Foster a Roadmap to Compliance

    July 13, 2018, Mandy Pote, Senior Consultant, Cyber Risk Services, Coalfire

    On June 13, 2018, NIST formally released its Special Publication (SP) 800-171A, Assessing Security Requirements for Controlled Unclassified Information (CUI). This publication provides organizations with an assessment methodology to evaluate their compliance with the CUI security requirements defined in NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, which went into effect on December 31, 2017.

  • Expanded Privacy Protections Granted to California Residents: The California Consumer Protection Act

    July 11, 2018, Lisa Gumbs, Senior Consultant, Commercial Services, GDPR, Coalfire

    In late June, California passed a new consumer privacy law—the California Consumer Privacy Act (CCPA). This statute provides protections to California residents, but it will also have wide-ranging effects outside of California, as it applies to any organization that conducts business in California. The CCPA, which goes into effect on January 1, 2020, will be the broadest privacy law in the United States, granting more protections to personal data than any current privacy statute.

  • Incident Response: Do Your Vendor Contracts Have Claws (for Liability)?

    July 09, 2018, Doug Hudson, Senior Director, Cyber Risk Advisory, Coalfire

    In previous blogs, we’ve discussed some of the struggles organizations have when responding to cyber incidents. For many, it is the recovery aspect, and specifically vendor liability for the data or privacy breach, that raises the most questions. In trying to assign liability, the obvious place to start is the contract with the vendor. Generally, most vendor contract language limits liability to some small percentage of the contract value, and most contracts have limited-liability clauses that completely remove vendor liability for damages even if the vendor is negligent in its implementation of the product or service.

  • Common Questions and Answers Salesforce ISVs Need to Know for FedRAMP

    July 09, 2018, David Clevenger, Senior Director FedRAMP Assessment Services, Coalfire

    Many Salesforce Independent Software Vendors (ISVs) are interested in pursuing FedRAMP to serve federal customers, but have many questions about the process. The four questions below are the ones Coalfire most commonly receives from these ISV partners; we have provided some basic responses to help build a better understanding of the Salesforce FedRAMP process.

  • Executing Meterpreter on Windows 10 and Bypassing Antivirus

    June 26, 2018, Esteban Rodriguez, Consultant, Coalfire Labs, Coalfire

    One of my Labs colleagues recently published an article on the Coalfire Blog about executing an obfuscated PowerShell payload using Invoke-CradleCrafter. This was very useful, as Windows Defender has upped its game lately and is now blocking Metasploit’s Web Delivery module. I wanted to demonstrate an alternate way to achieve the same goal, without dropping any files on the host system while providing more options depending on what ports can egress the network.

