Archivo de la categoría: Federal Information Security Management Act of 2002

Coalfire Opens VMware Compliance Lab

Coalfire Systems, Inc. today announced that it has established the VMware Compliance Lab, a center of excellence and that designs, tests and promotes IT security best practices and audit guidelines for virtualized computing environments.

The VMware Compliance Lab, housed in Coalfire’s Seattle office, provides partners and end users with the information and tools they need to expedite the audit process and ensure compliance with major IT security standards, including PCI DSS, HIPAA/HITECH, GLBA, FISMA and FedRAMP. As a fully-independent IT Governance, Risk an Compliance firm, Coalfire gathers reference architecture and controls data from VMware, tests those controls in both the lab and the field, and issues guidance documents that security professionals can use to manage risk and compliance. In addition to VMware products, the Lab also houses and tests controls information from other products built on the VMware reference architecture, including solutions from EMC, RSA, HP, Symantec, McAfee and LogRhythm.

“Coalfire is partnering with VMware and other industry leaders to promote security and compliance in virtualized environments,” said Rick Dakin, CEO, co-founder and senior strategist at Coalfire. “Our lab provides a clearinghouse of un-biased, tested and proven best practices, and as those best practices are adopted in the field, end users will be able to streamline and risk and compliance efforts.”

”Coalfire’s thought leadership and IT audit expertise enables our partners and customers to confidently virtualize highly regulated workloads and meet their regulatory requirements. The guidance provided by Coalfire coupled with VMware’s proven leadership and ecosystem enables enterprises to use their virtualization investment as they move business critical applications to the cloud,” said Parag Patel, vice president, Global Strategic Alliances.


Coalfire Accredited as FedRAMP Third Party Assessment Organization

Coalfire Systems, Inc. announced today that it has achieved accreditation as a FedRAMP (Federal Risk and Authorization Management Program) Third Party Assessment Organization (3PAO).

The FedRAMP program supports the U.S. government’s objective to enable U.S. federal agencies to use managed service providers that enable cloud computing capabilities, and Coalfire is one of the first ten accredited 3PAO firms. With this certification, Coalfire is the only assessment firm authorized to conduct cloud assessments for the federal government (3PAO), healthcare industry (HITRUST certified) and the payment card industry (Qualified Security Assessor).

FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. As a part of the FedRAMP process, cloud service providers (CSPs) must use a FedRAMP approved third party assessor to independently validate and verify that they meet the FedRAMP requirements.

“Moving to the cloud raises numerous security concerns for any business,” said Tom McAndrew, executive vice president, professional services at Coalfire. “For government agencies, these concerns can be even more sensitive since national security can be at risk. This accreditation further validates Coalfire’s expertise in cloud security and risk assessment and we look forward to working with CSPs on their FedRAMP initiative towards receiving an authority to operate (ATO).”

Receiving the accreditation of 3PAO means Coalfire will be able to validate the security and control implementations that CSPs must provide in order to work with and provide cloud services to federal agencies. 3PAOs are critical to the FedRAMP program, as they demonstrate the independence and competency of CSPs that host the government’s most crucial data.

In addition to demonstrating the requisite technical competency in FISMA and independence and quality management to achieve 3PAO accreditation, Coalfire has diverse leadership experience in additional vital compliance fields – in cloud and virtualization environments – such as PCI, HIPAA/HITECH and GLBA; backed with expert staff that includes former CIOs, CTOs and auditors. Coalfire staff are heavily experienced in those respective industry regulations and are located across the U.S. Coalfire has offices in seven major markets in the U.S. including the Washington, D.C. area.

FedRAMP implementation began earlier this month and will be done in phases – starting with 3PAOs assessing CSPs. Coalfire has already begun preparing agencies and cloud service providers for testing. The wave of activity is growing and includes assessments and penetration tests with interested CSPs this month. Inquiries for FedRAMP services can be made with Coalfire at 877-224-8077 or at http://coalfire.com/FedRAMP-3PAO.

For those interested in learning more about the FedRAMP certification process, Coalfire will be conducting a free webinar on July 10, 2012 at 2:00pm EDT / 11:00am PDT. Click here to register.