The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • What You Need to Know from the North American PCI Community Meetings

    October, 2018, Dan Fritsche, Principal, Retail and Financial Services

    Too busy to attend the PCI Community Meetings this year? Coalfire has you covered with the top 6 things you need to know from the most important annual payments conference in the world.

    Read more
  • PCI DSS v3.2.1 – What You Need to Know

    May, 2018, Karl Steinkamp, Director, PCI Product and Quality Assurance

    On Thursday, May 17, the PCI Security Standards Council (PCI SSC) released an updated version of the PCI DSS standard, primarily to include clarifications and minor revisions around controls that referenced SSL/early TLS. The new version removes notes referring to the effective date of February 1, 2018 for applicable requirements, as this date has passed. Unlike prior PCI DSS version updates, this update does not include any new control requirements. With that in mind, there are some key specifics that are applicable to merchants and service providers.

    Read more
  • PCI Compliance: Early-TLS and Cloud Service Providers

    April, 2018, Dan Stocker, Practice Director, Payments, Cloud & Tech

    Organizations tracking their PCI compliance are likely aware of the impending June 30, 2018 deadline to disable SSLv3 and early-TLS. This blog post examines the special case of Cloud Service Providers (CSPs) and how their customers should proceed to achieve compliance.

    Read more
  • News and Updates from the PCI Europe Community Meeting

    November, 2017, Sam Pfanstiel, Senior Consultant, P2PE, Coalfire

    In September, Hurricane Irma forced the PCI SSC to cancel the North America Community Meeting; and the uncertainty of Catalonian independence from Spain may have led some to stay home from the Europe Community Meeting held in Barcelona last week. Nevertheless, the Coalfire team was well-represented in Barcelona. Because there were so many valuable updates, we offer this summary to keep you informed of these important developments in the world of PCI.

    Read more
  • An Analysis of PCI DSS Requirement 11.3.4.1 and the Compliance Expectations

    October, 2017, Jason Pieters, Product Director, PCI, Coalfire

    For some organizations, understanding, navigating, and complying with the Payment Card Industry (PCI) Data Security Standard (DSS), especially after the release of the latest version (v3.2) released in April 2016, has become confusing and/or challenging because of the inclusion of phased-in applicability of requirements. The most common questions that Coalfire receives from clients are regarding requirement 11.3.4.1

    Read more
  • Displaying results 11-15 (of 44)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7 - 8 - 9  >  >| 

Recent Posts

Post Topics

Archives

Tags

Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 credit cards C-Store Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS
Top