The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, and Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.

  • FedRAMP 101: How to get listed as “In Process”

    Marc Zurcher, Senior Manager, FedRAMP Assurance Services, Coalfire

    Are you a cloud service provider working on a federal contract and need a FedRAMP authorization – but don’t have a sponsor yet? Acquiring a committed government agency sponsor early in the FedRAMP process is crucial to your success and will ensure a smoother process. A major role for an agency sponsor is to identify which risks they are willing to accept in your Cloud Service Offering (CSO) that may not fully align with FedRAMP requirements.

  • Chasing doorbells: Finding IoT vulnerabilities in embedded devices

    Tyler Bennett, Consultant, Penetration Testing, Coalfire

    The goal of this research project was to see if we could find any vulnerabilities and obtain full persistence on an IoT device, while learning about embedded devices in general. This post will take you through our journey to find vulnerabilities in a common, reasonably priced IoT device. For our research, we chose a Night Owl ISP Smart Doorbell – WD2CLM.

  • New OCR-ready risk analysis: Why the confusion?

    Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

    Are you ready for an Office for Civil Rights (OCR) investigation? Will your risk analysis and risk management methodologies and documents be sufficient to meet the HIPAA Security Rule?

  • Key scoping factors when pursuing ISO 27001 certification

    Jimmy Dilz, Senior Consultant, ISO Assurance, Coalfire

    Service providers that seek the most recognized implementation of an information security baseline and governance structure should consider the ISO/IEC 27001:2013 (“ISO 27001”) standard. The information security management system (ISMS) prescribed by this widely adopted publication engages personnel at every level of an organization to ensure that information security-focused processes and controls are implemented, maintained, and continuously improved. Rather than focusing solely on the establishment of information security controls, the ISMS challenges service providers to first consider risks and then develop processes that enable an effective control environment.

  • P2PE v3.0 – Why organizations should prepare now

    Andrey Sazonov, Senior Consultant, Application Validation, Coalfire

    The Payment Card Industry Security Standards Council (PCI SSC) published version 3.0 of the Point-To-Point Encryption (P2PE) standard back in December 2019. The new version simplifies and adds flexibility to the process for component and solution providers to validate their P2PE products for cardholder data protection efforts and will ultimately result in more PCI P2PE solutions available in the market. Organizations should prepare now for moving to the new standard.

