The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find Coalfire's insights into the unique cybersecurity issues that affect the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, and Government.

The Coalfire Blog is written by the company's leadership team and our highly credentialed security assessment experts.

  • Thinking about data privacy strategically: four key questions

    Paul Sonntag, Director, Privacy

    It wasn’t that long ago when the concept of data privacy was mostly a legal question. Privacy obligations arose almost exclusively from regulations, so most organizations delegated the problem to legal counsel, who then tackled the problem through policy and contract language. At best, it was a cost of doing business. More often, the problem was simply ignored.
  • DoD Cloud Computing Impact Levels 4-5

    Max Post, Senior Manager, FedRAMP Advisory

    Moving past DoD Impact Level 2 (IL2), the logical next step should be IL3; however, IL3 is no longer used by the Department of Defense (DoD) and has been consolidated into IL4. DoD IL4 is designed to store, process, and transmit up to controlled unclassified information (CUI) related to military or contingency operations. Classified information (i.e., secret or top secret) is not permitted within either an IL4 or IL5 Cloud Service Offering (CSO). DoD Mission Owners must appropriately categorize their information to include only CUI suitable for an IL4 or IL5 hosting environment. CUI types are defined within the CUI Registry, which is hosted by the U.S. National Archives and Records Administration (NARA).
  • Requirements for DoD Impact Level 2

    Max Post, Senior Manager, FedRAMP Advisory

    As discussed in the previous blog post on FedRAMP+, there are four authorization levels defined in the Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG). In this post we will give a brief rundown of the lowest authorization level, DoD Impact Level (IL) 2, and the security requirements and key takeaways for Cloud Service Providers (CSPs) looking to receive a DoD IL2 Provisional Authorization (PA).
  • What is FedRAMP+?

    Keith Kidd, Director, FedRAMP Assessment, Coalfire

    The Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG) Version 1, Release 3 defines FedRAMP Plus (FedRAMP+) as:

    “… the concept of leveraging the work done as part of the FedRAMP assessment and adding specific security controls and requirements necessary to meet and assure DoD’s critical mission requirements. A CSP’s CSO can be assessed in accordance with the criteria outlined in this SRG, with the results used as the basis for awarding a DoD provisional authorization.”
  • Data privacy: What’s new in cross-border transfers? The Standard Contractual Clauses

    Lisa Gumbs, Senior Consultant, Commercial Services, GDPR, Coalfire

    The transfer of personal data between companies and countries is vital for smooth data processing operations. When transferring data out of the European Union, companies are required to comply with the General Data Protection Regulation (GDPR), which requires that any data transferred to a vendor in a third country for processing must receive the same level of protection as required by the EU. The GDPR specifically prohibits transfer of personal data to third countries that do not have an adequate level of data protection. To lawfully transfer data out of the EU to another country, the data controller must have a lawful mechanism in place to make the transfer. In the not-too-distant past, US companies primarily relied on Privacy Shield certification or the Standard Contractual Clauses in contracts with vendors to authorize that data transfer.
