Pulling Back the Curtain
Travis Finn, Consultant, CoalfireOne Scanning Services
As ASVs, a lot of what we do is shrouded in mystery and danger (well, at least the former of those two). Today, we would like to take a moment to let you in on some of the processes we use to deal with all those disputes you might have to submit.
Healthcare Slow to Adopt NIST Digital Identity and Authentication Guidance
Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire
The National Institute of Standards and Technology (NIST) published an updated guide (Special Publication 800-63b) for Digital Identity Guidance in June 2017. This is a comprehensive and holistic guide to authentication processes, which includes choices of authenticators that may be used at various Authenticator Assurance Levels (AALs). It provides recommendations on the lifecycle of authenticators, including revocation in the event of loss or theft, complexity requirements, and authenticator expirations.
Preparing for PCI DSS 4.0
Andrew Barratt, Managing Principal, Solution Validation, Coalfire
PCI DSS 4.0 is currently in its request for comments (RFC) process, where the industry can provide comments and feedback to help shape the next iteration. This process is initially open to the participating organizations – members that help steer and inform the PCI SSC based on their experiences. The RFC period for PCI DSS 4.0 ends in November 2019, and the council hopes to release PCI DSS 4.0 toward the end of 2020.