Lucene search
K

9 matches found

Talos Blog
Talos Blog
added 2024/10/10 6:0 p.m.36 views

What NIST’s latest password standards mean, and why the old ones weren’t working

Say goodbye to the days of using the "@" symbol to mean "a" in your password or replacing an "S" with a "$." The U.S. National Institute of Standards and Technology NIST recently announced new guidelines for the ways website and organizations should handle password creation and management that wi...

8.1CVSS9.9AI score0.60954EPSS
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/11/15 12:14 a.m.13 views

Threat and vulnerability management - No time for complacency

There was some very good news in Coalfires 4th Annual Penetration Risk Report. Most notable was that high-risk vulnerabilities have been cut almost in half since 2018 when we first began reporting our pen testing research derived from thousands of direct client engagements. Also of note, the larg...

1.2AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/11/02 7:51 p.m.16 views

FedRAMP® CSPs face a new challenge meeting FIPS Compliance

The Federal Risk and Authorization Management Program FedRAMP requires Cloud Service Providers CSPs to meet federal mandates and achieve or maintain a FedRAMP authorization. One of those mandates require the consistent use of FIPS 140-2 validated cryptographic modules everywhere cryptography is...

1.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2022/10/10 5:9 p.m.15 views

Highlights from FedRAMP®’s new Penetration Test Guidance

In an effort to stay on top of the evolving threats being faced by the cloud community, the FedRAMP PMO released Version 3.0 of their Penetration Test Guidance, dated June 30, 2022. 3PAOs and CSPs should begin using the updated pen test guide for pen tests beginning shortly after June 5, 2022,...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2021/03/31 3:34 p.m.40 views

Extending your FedRAMP Program to Container Infrastructure with the Qualys Cloud Platform

Following the recent release of the FedRAMP Vulnerability Scanning Requirements for Containers, FedRAMP-authorized systems that make use of containers have one month from March 16, 2021 to submit a plan for compliance with the new requirements. Organizations with a need to certify their services...

0.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2020/04/27 4:44 p.m.10 views

So your company has decided to do FedRAMP - What does that mean?

The exponential increase in cloud adoption in recent years has led to a dramatic increase in technology companies evolving from software and application companies to Software as a Service SaaS, Platform as a Service PaaS or Infrastructure as a Service IaaS providers. The 2011 release of the Cloud...

3.5AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/10/18 11:3 p.m.7 views

Top 10 Things CSPs Need to Know about FedRAMP Authorization on Amazon Web Services

Coalfire conducted a webinar, FedRAMP on AWS: What you need to know. The discussion covered what cloud service providers need to know when pursuing FedRAMP authorization leveraging AWS U.S East/West or GovCloud. Below youll find the Top 10 things that cloud service providers should know...

6.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2017/02/02 10:49 a.m.13 views

FedRAMP Readiness Assessment Report (RAR) template launched

As part of the FedRAMP Accelerated process, cloud service providers CSPs can now complete a Readiness Assessment Report RAR to demonstrate their readiness for the FedRAMP process. The RAR is required for CSPs pursuing the FedRAMP JAB approval route. CSPs should also consider having a Readiness...

2.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2012/11/13 9:18 a.m.8 views

FedRAMP Question and Answer session from PMO webinar

On October 25, the FedRAMP PMO conducted its first webinar, in what will be a series of webinars, on the FedRAMP process. This first webinar covered the four methods that CSPs can get listed in the FedRAMP repository. This webinar is well worth the time to listen to it. The PMO had a lengthy Q&A...

6.8AI score
Exploits0
Rows per page
Query Builder