The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • Long-awaited HIPAA Omnibus Rule is Unveiled

    January 21, 2013, Andrew Hicks, Managing Principal, Coalfire

    As of January 17, 2013, the HIPAA Omnibus Rule has finally been released by the Department of Health and Human Services (HHS), which will modify the HIPAA privacy, security, and enforcement rules.  The package of regulations, in regard to this long-overdue HIPAA Omnibus Rule, will officially be posted on the Federal Register on January 25, 2013 and will be put into effect on March 26, 2013.  Covered entities and business associates will have until September 23, 2013 to comply with the new regulations.

    Read more
  • FedRAMP PMO - FedRAMP Process and Developing SSP webinar Q&A

    January 16, 2013, Tom McAndrew, EVP Commercial Services, Coalfire

    The FedRAMP program continues to gain momentum and GSA and the FedRAMP PMO conduct great, interactive, webinars available to attend live or to watch later. There is much to learn from the GSA on how to navigate the FedRAMP process according to their requirements. Read more
  • South Carolina Data Breach Survey Results on Residents' Attitudes

    January 15, 2013, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    Coalfire recently conducted a survey of South Carolina residents who were victims of the recent data breach at the Department of Revenue. The data breach affected residents of the State who had filed their taxes online exposing 3.8 million taxpayer Social Security numbers and nearly 400,000 credit and debit card numbers.

    Read more
  • The PCI SAQ P2PE-HW: Patience, POIs and PIMs

    January 15, 2013, Dan Fritsche, Practice Director, Coalfire Labs

    The new PCI SAQ P2PE-HW (Point to Point Encryption Self-Assessment Questionnaire) was released in July 2012, and many  merchants are excited about the prospect of  a shorter, less arduous compliance validation effort.  After all, it’s significantly shorter than the SAQ-D; instead 12 sections, there are 4, and 284 controls are reduced to 19.

    Read more
  • What's Next in Retail IT? The Convergence of Mobile, P2PE and the Cloud

    January 15, 2013, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    Greetings from the Javits Center in New York City, the site of the National Retail Federation’s Big Show.  This year, the theme of NRF is “Next”.

    When it comes to Retail technology – and in particular, security and compliance, the most talked about “next” things are:

    Read more
  • Small Breach, Big Settlement

    January 08, 2013, Andrew Hicks, Managing Principal, Coalfire

    Earlier this week the Department of Health and Human Services (HHS) announced the first ever breach settlement where fewer than 500 patient records were compromised.  The $50,000 settlement was issued as a result of 441 patient records being stored on an unencrypted laptop that was stolen from the Hospice of North Idaho (HONI).

    Read more
  • P2PE Hybrid, the next best thing since the Prius

    January 07, 2013, Dan Fritsche, Practice Director, Coalfire Labs

    P2PE promises many things, the most coveted being scope reduction for the merchant and a shifting of the compliance burden from the merchant to the service provider. A properly implemented P2PE solution can indeed reduce the risk of compromise for a merchant as well as reduce the scope of what must be done to continue to maintain compliance to the PCI DSS.

    Read more

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags