The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • What You Should Know About the Changing Nature of Telephone-Based Payments

    December 10, 2018, Karl Steinkamp, Director, PCI Product and Quality Assurance

    In March 2011, the PCI SSC released the initial version of the “Protecting Telephone-Based Payments Card Data” Information Supplement as a guide to help assessors assess environments where cardholder data was stored, processed, and/or transmitted over the telephone. It was a pivotal guidance document at the time that set the stage for a broader focus on telephony technologies. As of November 2018, that time has finally arrived. The revised document provides a comprehensive dive into various telephony architectures (specifically VoIP, ISDN, and PSTN) and related people and processes that are required to be considered within scope for PCI DSS compliance.

    Read more
  • What You Need to Know from the North American PCI Community Meetings

    October 05, 2018, Dan Fritsche, Principal, Retail and Financial Services

    Too busy to attend the PCI Community Meetings this year? Coalfire has you covered with the top 6 things you need to know from the most important annual payments conference in the world.

    Read more
  • PCI DSS v3.2.1 – What You Need to Know

    May 18, 2018, Karl Steinkamp, Director, PCI Product and Quality Assurance

    On Thursday, May 17, the PCI Security Standards Council (PCI SSC) released an updated version of the PCI DSS standard, primarily to include clarifications and minor revisions around controls that referenced SSL/early TLS. The new version removes notes referring to the effective date of February 1, 2018 for applicable requirements, as this date has passed. Unlike prior PCI DSS version updates, this update does not include any new control requirements. With that in mind, there are some key specifics that are applicable to merchants and service providers.

    Read more
  • PCI Compliance: Early-TLS and Cloud Service Providers

    April 23, 2018, Dan Stocker, Practice Director, Payments, Cloud & Tech

    Organizations tracking their PCI compliance are likely aware of the impending June 30, 2018 deadline to disable SSLv3 and early-TLS. This blog post examines the special case of Cloud Service Providers (CSPs) and how their customers should proceed to achieve compliance.

    Read more
  • News and Updates from the PCI Europe Community Meeting

    November 06, 2017, Sam Pfanstiel, Solution Principal, PCI, Coalfire

    In September, Hurricane Irma forced the PCI SSC to cancel the North America Community Meeting; and the uncertainty of Catalonian independence from Spain may have led some to stay home from the Europe Community Meeting held in Barcelona last week. Nevertheless, the Coalfire team was well-represented in Barcelona. Because there were so many valuable updates, we offer this summary to keep you informed of these important developments in the world of PCI.

    Read more
  • Displaying results 1-5 (of 35)
     |<  < 1 - 2 - 3 - 4 - 5 - 6 - 7  >  >| 

Recent Posts

Post Topics

Archives

Tags