The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Guest blog: PCI audits and how to recognize a good QSA auditor and partner

    July 22, 2015, Patrick Townsend, Townsend Security

    Many organizations approach a PCI audit with fear and trepidation. There are a lot of stories out there about how difficult, expensive and disruptive a PCI audit can be, but I want to see if I can add some balance to this view. I believe that when it comes to a PCI auditor it matters a great deal who you are working with. We just completed a PCI audit of our Alliance Key Manager for VMware solution and it gave me a whole new perspective and attitude about the audit process. Our PCI work was conducted by Coalfire, a security company that provides PCI audit services as well as audit services for the health and financial communities. Most of my remarks will reflect on the great experience we had with Coalfire and some of the lessons we learned.

    Read more
  • PCI Scope Assessments for Higher Education Institutions

    July 13, 2015, Tyler Baker, Regional Sales Manager

    With the release of PCI DSS version 3.0 and more recently 3.1, many Higher Education Institutions have found it hard to know which SAQ’s they should be filling out since there are now nine options. Higher Education Institutions have very complex merchant card environments and with the new requirements it is even harder to recognize what’s in scope.  Tyler Baker interviews Dirk Anderson, the Vice President of Enterprise Risk & Compliance Platform at Coalfire, to get a deeper understanding of PCI Scope Assessment.

    Read more
  • P2PE in Higher Education--Reducing Applicable Controls

    June 04, 2015, Tyler Baker, Regional Sales Manager

    Point to Point Encryption (P2PE) is the hottest topic in the PCI world right now and many of our Higher Education clients are anxious to take advantage of the solutions available to them.  However, with 2.0 not yet released, and then the subsequent release of the audit guidelines, there are many questions on how to benefit from a reduction in applicable controls.  This blog post is the result of an interview with Tyler Baker (Regional Sales Manager focused on Higher Education), Mark Lucas (VP over Higher Education Delivery) and Tim Winston (Director over our P2PE practice).

    Read more
  • PCI DSS version 3.1 released!

    April 15, 2015, Matt Getzelman, PCI Practice Director

    As expected, a “minor” revision to the PCI DSS 3.0 standard (now version 3.1) was released by the PCI SSC today to address the vulnerabilities exposed by the POODLE and BEAST browser attacks. PCI DSS 3.1 primarily addresses the insecure use of SSL as an encryption protocol within a Cardholder Data Environment (CDE). In response, the SSC has updated PCI DSS requirements 2.2.3, 2.3 and 4.1 to remove any references that cite SSL 3.0 and early versions of TLS 1.0 as examples of strong cryptography.

    Read more
  • What does PCI DSS 3.1 and PA-DSS 3.1 mean for you and your organization

    February 19, 2015, Matt Getzelman, PCI Practice Director

    In the wake of the POODLE vulnerability identified by NIST and subsequent attacks, the PCI SSC has announced its intent to release the first revision of the PCI DSS 3.0 and PA-DSS 3.0 standards. The PCI DSS 3.1 and PA-DSS 3.1 standards will indicate that the SSL v3.0 protocol no longer meets the PCI SSC’s definition of “Strong Encryption” and this will have immediate impact to several existing requirements.  However, one key point from the announcement should be highlighted:

    Read more
  • Displaying results 16-20 (of 34)
     |<  <  1 - 2 - 3 - 4 - 5 - 6 - 7  >  >| 

Recent Posts

Post Topics

Archives

Tags