Privacy information management system considerations for ISO 42001
Organizations that want to pursue ISO 42001 certification and have an existing ISO management system in place need to consider how to integrate an AI management system with their current management system to ensure common objectives and obligations are maintained. The following blog post explores...
Celebrating Black History Month: Reflections as the Chair of Coalfire's Black Employee Resource Group
As we embark on another February, I am honored to reflect on the significance of Black History Month from the perspective of serving as the chair of Black Employees in Cybersecurity Obtaining Mentorship, Influence, Networking, and Growth (B.E.C.O.M.I.N.G.), Coalfire's Black Employee Resource Group...
Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations
The rise of electric vehicles (EVs) and charging infrastructure necessitates robust security measures, especially in the context of IoT integration. Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion...
The dark side of AI data privacy: What you need to know to stay secure
This blog post examines the threats of data leakage, bias, and overcollection in AI systems, offering valuable insights and recommendations for effective risk mitigation...
Mastering AI Risks: Navigating the NIST AI RMF Core with Coalfire
This article delves into mastering AI risks through the application of the NIST AI Risk Management Framework (RMF) Core. It emphasizes the importance of understanding and mitigating the multifaceted risks associated with AI, from ethical dilemmas to data security, and introduces Coalfire's tailored...
Improving compliance management with mappings and automation
Based on the research in Coalfire's 2023 Securealities Compliance Report, the third blog in this series examines one of the top concerns of CISOs and compliance program managers: realizing the value of a platform to simplify compliance...
Navigating the AI security landscape: The federal push for responsible AI adoption
This blog post discusses the U.S. government's commitment to responsible AI through the Executive Order and proposed legislation, outlines key provisions for AI risk management, highlights efforts to strengthen federal AI governance, and emphasizes Coalfire's role in promoting responsible AI...
Guardians of IoT: Fortifying the financial sector in the age of IoT
The Internet of Things (IoT) has revolutionized the financial industry, but its associated security vulnerabilities and risks must be addressed to protect sensitive data...
Navigating the AI security landscape: From executive orders to cyber resilience
Explore the implications of the US Executive Order, discover the challenges and solutions in AI development, and learn how Coalfire's tailored approach ensures robust AI risk management...
Maximizing the value of threat modeling
Explore four practices that maximize the value of threat models throughout the entire development lifecycle...
Guardians of IoT: Strengthening the security of IoT-connected medical devices in the healthcare industry
The healthcare ecosystem requires stakeholders to have a comprehensive grasp of the industry-specific vulnerabilities, especially in its emerging technology. Coalfire examines key healthcare-specific IoT vulnerabilities, helping healthcare IoT manufacturers and medical facility administrations kn...
The benefits of using the new Data Privacy Framework
After the Schrems II ruling by the Court of Justice of the European Union, legal cross-border transfers of personal data from the EU to the U.S. became a key issue for U.S. businesses. After years of negotiations with the EU, the EU and U.S. have developed and agreed upon an adequate system for...
Hexeon unleashed: human-centric offensive security amplified by technology
Part 3 in a blog series spotlighting Coalfire's 5th Annual Penetration Risk Report...
The great divide of PCI DSS v4.0: Merchants, are you ready?
Are you ready for PCI DSS 4.0? It's vital to understand the changes to prepare properly and avoid costly delays in achieving compliance...
Breaking down barriers: Redefining the FedRAMP® journey for cloud service providers
Since the passing of the FedRAMP Authorization Act last December, inquiries about navigating FedRAMP's complex landscape have surged. Recognizing this, Coalfire is pioneering a new pathway to streamline the FedRAMP authorization process, making it more accessible for cloud service providers...
Guardians of IoT: Safeguarding connectivity of input and output channels
Ensuring the security of the Internet of Things (IoT) demands a meticulous examination of industry-specific vulnerabilities and a profound comprehension of data handling. Have you taken the necessary steps to confirm that your chosen third-party security vendor possesses a comprehensive understandi...
Cracking the code to compliance management
Based on recent research and findings from Coalfire's 2023 Compliance Report, the second blog in this series outlines compliance program management and performance priorities for CISOs and compliance leaders...
Penetration testing: shifting paradigms from reactive to proactive
Part 2 in a blog series spotlighting Coalfire's 5th Annual Penetration Risk Report...
A rundown of the OWASP top 10 for large language model applications
As part of the Open Worldwide Application Security Project (OWASP) AI Project, a community of international experts published a list of the top 10 critical vulnerabilities seen in Large Language Model (LLM) applications...
What to look for in an audit partner
How are successful auditor partnerships formed? It starts with selecting the right auditor and taking them with you on your organization's compliance journey...
Looking back at Black Hat 2023
From AI to the evolving threat landscape, Black Hat 2023 spotlighted the security industry's latest and greatest innovations...
Behind the eight-ball: Why companies struggle with penetration risk
An introduction to a new blog series spotlighting Coalfire's upcoming 5th Annual Penetration Risk report...
How the CISO drives value across the enterprise
Coalfire's Securealities 2023 State of CISO Influence report shows that CISOs have a growing responsibility to report to the board/c-suite. During budget planning, CISOs can drive value and secure budget allocations by demonstrating Return on Security Investment (ROSI)...
Moving past MOVEit
The MOVEit hack resembles successful cyberattacks from the past, leading us to ask if federal agencies and contractors are using all the tools, methods, and technologies available to ward off the same type of cyberattacks...
The state of cybersecurity compliance in 2023 – part 1
This first blog in the series captures the key takeaways from Coalfire's Annual Compliance Report...
How medical device manufacturers can address new FDA cybersecurity guidelines
Advancements in technology in the healthcare industry have made medical devices increasingly vulnerable to cyber attacks. To embed better security practices into the manufacturing and implementation of medical devices, the FDA released a new mandate requiring a comprehensive cybersecurity plan fo...
What are the impacts of FedRAMP® Rev. 5?
The FedRAMP PMO released the final Rev. 5 security control baselines and transition guidance for cloud service providers (CSPs) who have achieved authorization to operate (ATO) and those still in the planning stages. All CSPs should review the guidance as soon as possible and start developing a plan...
Leveraging AppSec vendors amidst layoffs
The tech sector has been hit hard with layoffs and cutbacks, driving more companies to outsource their IT needs. Is it time for your organization to make the transition?...
Accelerate compliance with the Landing Zone Accelerator on AWS
Increasingly complex compliance requirements are placing a heavy burden on security leaders. To better support organizations' pursuit of FedRAMP High Compliance, AWS launched the Landing Zone Accelerator on AWS. We conducted a thorough evaluation of the solution and shared our findings in the new LZ...
Insider threats to the healthcare industry
A discussion of insider threats faced by the U.S. healthcare industry highlighting the types of threats and recommendations on how organizations can mitigate the risks...
Four key questions for privacy programs in the U.S.
With new state privacy laws passed each year, organizations are tasked with developing privacy programs that are compliant with applicable laws. To help organizations identify their current privacy program maturity, privacy professionals can ask four questions to determine where they stand...
Celebrating Asian American and Pacific Islander (AAPI) Heritage Month
Coalfire employees share what Asian American and Pacific Islander (AAPI) Heritage Month means to them...
Top 10 challenges of building an in-house application security program
Building a successful application security program can be a daunting task, as it involves many different skill sets. Resource constraints, lack of expertise, and cultural resistance are among the many challenges preventing organizations from reaping the full benefits of an in-house AppSec program...
Reflections on the 2023 RSA Conference: Trends, takeaways, and the shift-left approach to cybersecurity
The 2023 RSA Conference brought together over 45,000 cybersecurity professionals from around the world to discuss the latest trends, technologies, and best practices in the field. Key themes that emerged at the conference included the intersection of cybersecurity and artificial intelligence (AI),...
Six steps to prepare your application security team for a penetration test
This blog post will show step-by-step how an application security team should prepare for a penetration test...
White House cyber strategy: leadership is now accountable
The National Cybersecurity Strategy represents one of the most significant market-driving forces in the history of IT. It ushers in a new era of standards, requirements, and best practices that will define how our economy works and how buyers interact with sellers for decades to come...
HIMSS 2023 Conference recap
HIMSS 2023, the largest annual healthcare technology conference, was a great success. The conference highlighted the importance of compliance, data privacy, and cyber security for healthcare organizations. With the increasing use of electronic systems and devices, protecting patient data has beco...
Top 4 myths about cybersecurity compliance assessors: How to build a successful auditor partnership that enables your business
In this series of blog posts, we will debunk the assumptions of your assessor relationship, navigate independence requirements, and create a space for mutual collaboration and innovation...
Threat-informed defense: The evolution of red teaming in cybersecurity
While there are several approaches to vulnerability management like pen testing and red teaming, adversary emulation is the only method that contributes to a threat-informed defense cybersecurity strategy...
Maximizing ROI on cybersecurity training
Most awareness training strategies fail to promote a strong cybersecurity culture and meaningfully influence workers' behavior. It's time to leverage motivation to change attitudes and improve the ROI on training...
Everything you need to know about HITRUST v11
HITRUST v11 is finally here. In this blog post, Coalfire HITRUST experts provide guidance to address the key details surrounding the transition timelines and what organizations can expect with the latest version...
How Fortune 500s are building brand value by communicating security posture
With Covid and cloud migration driving new threats and vulnerabilities, security concerns are now top of mind with customers. As a result, buyer perception about an organization's security and compliance posture can be leveraged to build market trust and high-value brand magic for virtually every...
FAQ: Transitioning to the highly anticipated new revision of ISO 27001
For a group like Coalfire Certification that lives and breathes these standards daily, it has been an exciting few months monitoring the progress of this publication and its review through the various ISO working groups...
Meeting and scaling compliance with IaC design
Gone are the days when cloud, application, and infrastructure engineers need to shoulder the burden of compliance and audits. With "smart" compliance-aware Infrastructure as Code (IaC) module design, engineers can focus on the functionality, performance, and scalability of their applications withou...
End the compliance management blues
Coalfire teamed up with one of the world's leading security technology engineering firms, anecdotes, to expand Compliance Essentials capabilities - automating compliance workflows and risks, evidence collection, and audit execution. All within one platform...
FedRAMP just got better – and is here to stay
Today, President Biden signed the National Defense Authorization Act (NDAA), taking a giant step forward in securing the federal government's cloud-first mission. The FedRAMP® (Federal Risk and Authorization Management Program) Authorization Act, outlined in section 5921 of the NDAA, formalizes the...