Coalfire ramps up for StateRAMP — What you need to know…

Jason Oksenhendler, Director, FedRAMP Advisory Services, Coalfire

There has been a lot of buzz during the past year or so about StateRAMP (SR). SR was an idea born out of helping state and local governments efficiently and effectively verify cybersecurity and manage third-party risk. SR is a 501-c6 non-profit, membership-based organization based in Indiana and after April 1st, cloud service provider (vendor) memberships and assessments will begin. Here is an FAQ we put together on StateRAMP.

Waking up to the new realities of privacy risk and the need for focused expertise

David Forman, VP, Privacy and International Assurance, Coalfire

Last month, Coalfire announced that our certification body was awarded yet another of many “firsts.” In this scenario, Coalfire was the first to expand its registration to a second accreditation body as part of its certification services related to ISO 27701, a framework that governs the activities of privacy information management.

Success stories in cybersecurity and information technology

Ian Walters, Principal, Thought Leader, Coalfire

RISE is Coalfire’s initiative to Recruit, Influence, Support, and Educate women in cybersecurity. I am honored to have been invited to be an active member of the RISE steering committee and help contribute to this worthy cause.

New cybersecurity legislation to amend the Health Information Technology for Economic and Clinical Health (HITECH) Act – an analysis of H.R. 7898

Rich Curtiss, Director, Healthcare Cyber Risk Services, Coalfire

New legislation was passed by Congress and signed by the president on January 5, 2021 that amends the HITECH Act with an additional section titled: SEC. 13412. RECOGNITION OF SECURITY PRACTICES.¹

Latest round of OCR audits highlight HIPAA risk analysis and risk management shortcomings

John Piotrowski, Senior Consultant, Healthcare Cyber Risk Services, Coalfire

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has released its latest report with findings from their 2016 and 2017 series of audits as required under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)/HITECH Privacy, Security, and Breach Notification Rules (HIPAA Rules).