1. Home
  2. Blog
  3. March 2017

The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

  • DevOps, Automation, Security and Compliance

    March 21, 2017, Andrew Barratt, Managing Principal - Application Security, Coalfire

    Phew, the title of this post alone sounds like it could be quite a lot to deal with!

    So what is DevOps? DevOps is simply the blending of infrastructure operations processes and software development to enable faster changes to business applications/technology. These processes share a lot of ideology with the Agile & Lean camps but are more fundamentally trying to bridge the traditional divide between the development world and the IT operations/Service management teams.

    Read more

  • FedRAMP Tailored program for low-risk use cloud service offerings

    March 08, 2017, Abel Sussman, Senior Project Manager, Commercial Services, Coalfire

    On February 16, the FedRAMP Project Management Office (PMO) released the new FedRAMP Tailored security controls baseline for public comment (comment period closes March 17, 2017).  The new FedRAMP Tailored security controls baseline was created for Cloud Service Providers (CSPs) who have cloud service offerings (CSO) that do not require the more stringent process of FedRAMP Moderate or FedRAMP High security control baselines.

    Read more

  • New York State Implements Cybersecurity Regulation 23 NYCRR 500

    March 02, 2017, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of ‘covered entities’ that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers, credit unions, money transmitters, licensed lenders, mortgage brokers or bankers, and insurance companies that do business in New York. While large entities most likely meet these requirements already -- and very small entities are exempted from some of the requirements --, mid-market firms will be challenged to meet aggressive implementation timelines.

    Read more

  • Cloud Burst?

    March 01, 2017, Jeremy Gibbons, AWS Channel Lead, Coalfire

    The cloud can burst!? This week’s AWS service disruption showed us the importance of architecting a system to account for failure, and how to be successful when deploying your solution in the cloud.

    Read more

Recent Posts

Post Topics

Archives

Show more

RSS Feed

The Coalfire Blog Subscribe to Feed

Tags

2.0 3.0 access Agency AICPA Assessment assessments audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act Chertoff cloud Compliance credit cards C-Store Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Ed Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror interview IoT ISO IT JAB JSON keylogging labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA Safe Harbor scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi wireless women XSS
Close