The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, and Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.


  • What to Expect in the initial FedRAMP briefing with your Agency Sponsor and the PMO

    Nick Peters, Senior Manager, FedRAMP Assurance Services, Coalfire

    Most people who have spent any time researching the FedRAMP authorization process know there are two routes for a Cloud Service Provider (CSP) to become FedRAMP authorized: Agency and Joint Authorization Board (JAB). Because of the limited number of CSPs selected each quarter for the JAB authorization process (FedRAMP Connect), many CSPs follow the agency authorization path. In fact, 77% of authorized CSPs have an Agency Authorization to Operate (ATO).

    Read more
  • FedRAMP – 8 years in and 100 assessments achieved

    Michael Carter, Vice President, Cyber Assurance – FedRAMP

    Back in 2011, if you had asked me what cloud computing was, I would have looked at you with a blank look on my face. At the time, I was supporting a Federal client when my boss asked me to assist in applying to become a 3PAO. I had no clue what 3PAO even stood for (it stands for Third-Party Assessment Organization), but I volunteered to support the cause.

    Read more
  • Cybersecurity Risk Management – From HIPAA to HITRUST

    Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

    Cybersecurity risk management for healthcare organizations continues to be a perplexing issue. While it is explicit in the security management standard of the HIPAA Security Rule that a Covered Entity and their Business Associates must conduct an “accurate and thorough” risk analysis teamed with a plan to “implement security measures to reduce risks,” it is not immediately clear how this is to be accomplished.

    Read more
  • Cloud Transformation and the Shared Security Model

    Sean Cyriaque, Senior Consultant, Cyber Risk Advisory, Coalfire

    For many organizations, the lure of the cloud is very strong. Large enterprises usually have several justifications for adopting cloud-based services including preserving capital, adding scalability to applications, and minimizing IT staffing needs. Small- to medium-sized organizations often look at the cloud as an avenue to achieve all those same goals without the need for improved security skills from their existing IT staff. But as the number and sophistication of attacks in the cloud grow exponentially, there is increasing confusion regarding who is responsible for the security and compliance of applications and data in the cloud.

    Read more
  • The Basics of Exploit Development 3: Egg Hunters

    Andy Bowden, Consultant, Coalfire Labs

    Hello dear reader. If you have read the other articles in this series, welcome back! If not, I encourage you to read the previous installments before proceeding with this post. This post covers a surprisingly useful technique in exploit development called Egg Hunters. In order to demonstrate how Egg Hunters function, we will write an exploit for a 32-bit Windows application vulnerable to a SEH overflow. However, due to how the application handles input, we will be required to use an Egg Hunter to locate our payload in memory and move execution to it.

    Read more