Coalfire Introduces Navis Lighthouse™

Premise-based Appliance Securely Gathers IT Control Evidence and Enables Real-time Compliance Management

Louisville-based Coalfire today released Navis™ Lighthouse™, a secure, solid-state device that continuously gathers control evidence and enables security professionals to manage compliance in real time. Lighthouse is included at no extra charge with a subscription to any of Coalfire’s Navis solutions. It enables customers to self-assess against PCI DSS, HIPAA/HITECH, GLBA/FFIEC and FISMA control requirements using the same kind of evidence that was previously gathered only in on-site, auditor-led tests.

“Our Navis solutions are built and configured for customers who are serious about IT security and compliance and want complete, accurate, cost-effective, evidence-supported self-assessments,” said Rick Dakin, CEO and senior security strategist of Coalfire. “Prior to Navis Lighthouse, customers could complete an assessment but they struggled to back up their answers with evidence. Now, this appliance does the detailed work for them and automatically correlates evidence with controls. Armed with this evidence, they can be sure that controls are operating effectively and they can defend themselves should a worst-case scenario, like a data breach, occur.”

Navis is Coalfire’s trademarked suite of Governance, Risk and Compliance tools and is used by hundreds of Coalfire clients in retail, financial services, state and local government, technology, healthcare, and utilities. Navis solutions are constantly updated to align with the standards, technologies and best practices used to manage compliance with the PCI DSS, HIPAA/HITECH, GLBA/FFIEC and FISMA standards.

Navis Lighthouse is itself secure and compliant, and can be implemented without modifying target networks. The initial release of Navis Lighthouse includes tools for internal vulnerability assessments, often referred to as internal scanning. These tests are required under Requirement 11 of the PCI DSS and also included in HIPAA/HITECH and GLBA assessments. Subsequent Navis Lighthouse releases will add new tests and services to the suite and each of these will be fully aligned to the standards and controls required by regulators and business partners.

Mark Lucas, Coalfire’s vice president of managed services and a credentialed auditor, has piloted Navis Lighthouse with many of Coalfire’s current Navis subscribers.
“Navis Lighthouse saves our clients time and money on evidence collection and it gives them the tools they need to test and document their controls - without an on-site audit. Best of all, it is ‘always on’ thereby enabling continuous compliance – a huge improvement over the point-in-time self-assessments,” said Lucas.

About Coalfire
Coalfire℠ is a leading, independent IT audit and compliance firm that provides information technology (IT) audit, security assessment and IT compliance management solutions. The company has grown rapidly since being founded in 2001 and now completes more than 1,000 projects annually in retail, financial services, healthcare, government and utilities. Coalfire has developed a new generation of technology-enabled IT compliance management tools under the Navis™ brand. These tools enable Coalfire to efficiently deliver governance, risk and compliance (GRC) services and keep pace with rapidly changing regulations and best practices. Coalfire’s solutions are adapted to requirements under emerging data privacy legislation, including the PCI Data Security Standard, Gramm-Leach-Bliley Act, HIPAA/HITECH, NERC CIP, Sarbanes-Oxley and FISMA. For more information, please visit


Contact Author

Stephanie Vanderholm