The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • The PCI SAQ P2PE-HW: Patience, POIs and PIMs

    January 15, 2013, Dan Fritsche, Practice Director, Coalfire Labs

    The new PCI SAQ P2PE-HW (Point to Point Encryption Self-Assessment Questionnaire) was released in July 2012, and many  merchants are excited about the prospect of  a shorter, less arduous compliance validation effort.  After all, it’s significantly shorter than the SAQ-D; instead 12 sections, there are 4, and 284 controls are reduced to 19.

    Read more
  • What's Next in Retail IT? The Convergence of Mobile, P2PE and the Cloud

    January 15, 2013, Rick Dakin, CEO, Co-founder and Chief Security Strategist

    Greetings from the Javits Center in New York City, the site of the National Retail Federation’s Big Show.  This year, the theme of NRF is “Next”.

    When it comes to Retail technology – and in particular, security and compliance, the most talked about “next” things are:

    Read more
  • P2P Encryption Program now available from PCI Council

    May 25, 2012, Mike Weber, Vice President, Coalfire Labs

    The PCI council has updated the Point-to-Point encryption (P2PE) program requirements (PDF). The update impacts merchants, payment applications, point of sale vendors and service providers. As a participating organization of the PCI P2PE task force, providing input into the standard, I wanted to briefly explain how this affects the various PCI ecosystem participants.

    The ultimate goal of the P2PE program is to reduce the PCI DSS scope that merchants experience by shifting the burden away from merchants toward solution providers who are providing validated P2PE solutions. Deploying validated P2PE solutions will simplify PCI DSS validation for merchants while reducing the risk of cardholder data breaches.

    Read more
  • Displaying results 6-8 (of 8)
     |<  <  1 - 2 >  >|

Recent Posts

Post Topics

Archives

Tags