The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, and Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • PCI DSS for Large Organizations: A Coalfire Perspective

    Dan Stocker, Practice Director, Payments, Cloud & Tech

    As organizations grow, PCI DSS responsibilities become more complex. Logically, they gain more interconnected relationships internally and with third parties. Multiple payment channels, complex network architectures, and large inventories of devices in scope require preparation before performing assessments or maintenance. As a result, large organizations need to evolve their approach to PCI DSS awareness and compliance management across the entire organization so that security becomes business as usual.

  • Attention Payment Application Developers: Begin Your Transition from the PA-DSS to the PCI SSF Today

    Nick Trenc, Director, Payments – Solution Validation, Coalfire

    The Payment Card Industry (PCI) Council plans to formally retire the Payment Application Data Security Standard (PA-DSS) in October 2022 and replace it with the PCI Software Security Framework (SSF). For vendors, the new framework expands program eligibility with improved support for evolving architectures / deployment models, streamlines the assessment process, and simplifies listing management. It also provides greater flexibility for meeting security requirements and modernizes the notion of application security for payment applications and the companies that develop them.

  • Dodge Data Breaches with Real-Time PCI Compliance

    Aaron Reynolds, VP, Cyber Assurance – Payments, Coalfire

    It’s been five years since the PCI Council released the first “Best Practices for Maintaining PCI DSS Compliance” guidance document in August 2014. Since then, many prominent payment data breaches have occurred, with the finger often pointing to lapses in the affected organization’s compliance program for the PCI DSS.

  • Preparing for PCI DSS 4.0

    Andrew Barratt, Managing Principal, Solution Validation, Coalfire

    PCI DSS 4.0 is currently in its request for comments (RFC) process, where the industry can provide comments and feedback to help shape the next iteration. This process is initially open to the participating organizations – members that help steer and inform the PCI SSC based on their experiences. The RFC period for PCI DSS 4.0 ends in November 2019, and the council hopes to release PCI DSS 4.0 toward the end of 2020.

  • Processing Payments in the Cloud

    Andrew Barratt, Managing Principal, Solution Validation, Coalfire

    Some things work so well together that even suggesting they don’t now seems almost ridiculous. But I wonder, who were the pioneers that fought back when questioned about the jelly on the PB? The savory with the sweet. The steak wrapped in cheese . . . those crazy hipsters spreading avocado on toast. Yet, now these are the norm, and so it’s time to embrace yet another: Payments and the Cloud. My teams work with some of the biggest payment processors in the world, and for years we saw reluctance, cloud inertia, and concerns over security and compliance. Some of these fears were reasonable at the time, such as concerns over outages and uptime – concerns that are reasonable when stepping into any commercial outsource-type of relationship.

