Pricing & Instant Quote Builder

Managed Detection & Response (MDR)

24/7 SOC-backed endpoint monitoring & active threat response

-

Every endpoint and server monitored around the clock by ByteTempest and a 24/7 Security Operations Center. When a threat is detected, we respond. Satisfies CMMC SI.3.218 and CA.2.157 continuous monitoring requirements. Includes deployment, management, monthly evidence reports, and CMMC documentation.

Endpoints to cover

Volume pricing: first 60 endpoints at $30/ep · next 90 at $25/ep · 151+ at $20/ep. No minimum, install fee covers onboarding.

Identity Threat Detection & Response (ITDR)

Continuous M365 identity monitoring & account compromise defense

-

Continuous monitoring of your Microsoft 365 environment covering email-based attacks, OAuth abuse, unauthorized app consent, and account compromise. The most common initial access vector for DIB contractors. All licensed M365 identities monitored continuously, with managed response when threats are confirmed.

M365 accounts / identities to cover

Volume pricing: first 60 identities at $30/identity · next 90 at $25 · 151+ at $20. No minimum, install fee covers onboarding.

Security Awareness Training (SAT)

Managed security awareness training · quarterly phishing simulations included

-

Automated security awareness training and quarterly phishing simulations, managed entirely by ByteTempest. Training assignments, click-rate tracking, completion reporting, and compliance documentation included. Satisfies CMMC AT.2.056 and HIPAA 45 CFR §164.308(a)(5). Zero internal IT overhead.

Users to train

$18/user/mo. No minimum. Includes quarterly phishing simulations at all tiers.

Virtual CISO (vCISO) Retainer

Fractional security leadership, configure your deliverables

-

Senior cybersecurity leadership on a monthly retainer, without the full-time cost. Select the deliverables you need. Pricing scales with scope. Every engagement includes a monthly strategy session and access to your vCISO by phone and email between sessions.

Select deliverables

Monthly strategy session90-min leadership session, security roadmap, priorities

Included

Policy & procedure oversightReview and maintain security policies, procedure docs

+$400/mo

Board & executive reportingMonthly security briefing deck, risk posture summary

+$500/mo

Vendor risk & contract reviewSecurity questionnaires, third-party assessments, contract language

+$400/mo

Incident response leadershipOn-call IR command, breach coordination, post-incident review

+$600/mo

CMMC posture managementPOA&M tracking, control review, annual affirmation support

+$500/mo

Quarterly staff security briefingsSecurity awareness sessions for leadership, current threat briefings

+$300/mo

Base retainer $3,000/mo covers strategy session + email/phone access. Add deliverables above to build your engagement.

Incident Response Retainer

Pre-paid IR with guaranteed SLA, configure your coverage

-

Pre-paid incident response puts ByteTempest on your team before you need us. Retainer clients go to the front of the line. Unused hours roll forward quarterly. If an incident exceeds retainer hours, overages bill at the retainer rate.

Response SLA

Quarterly hours included

Add-on coverage

DFARS 252.204-7012 reporting support72-hour DoD reporting, contractor portal submission, system image preservation

+$300/mo

Post-incident reportingExecutive + technical report, remediation roadmap, lessons learned

+$200/mo

HIPAA breach notification supportOCR notification, patient notice drafting, documentation preservation

+$200/mo

Annual tabletop exerciseFacilitated IR simulation, gap identification, playbook update

+$150/mo

Base rate depends on SLA + hours selected. Unused hours roll forward within the quarter.

CMMC Readiness Retainer

Ongoing compliance management, configure your deliverables

-

CMMC is not a one-time event. The readiness retainer keeps your posture current between C3PAO assessments, managing your POA&M, updating documentation as your environment changes, and keeping your SPRS score accurate. Select the deliverables you need.

Select deliverables

POA&M managementMonthly POA&M review, milestone tracking, remediation coordination

Included

SPRS score maintenanceQuarterly score review, submission guidance, DoD portal support

+$300/mo

Policy & procedure updatesMaintain your policy suite as controls and environment change

+$400/mo

SSP maintenanceKeep your System Security Plan current as your environment evolves

+$400/mo

Evidence binder managementOngoing collection and organization of control evidence for C3PAO

+$500/mo

Annual affirmation supportPrepare and guide your DoD annual affirmation submission

+$200/mo

Base retainer $2,500/mo covers POA&M management + monthly status report.

CMMC Project Work

Gap assessment, SSP, pen test, policy suite & more

-

One-time project work covering the full CMMC readiness lifecycle: initial gap assessment, documentation, architecture, and testing. All deliverables are formatted for C3PAO assessment.

Select engagements

CMMC Gap AssessmentAll 110 NIST 800-171 controls evaluated, SPRS scored, POA&M delivered

From $8,500

System Security Plan (SSP)Full SSP documenting your security architecture and control implementations

From $5,000

CUI Enclave Design (on-prem)Segmented network architecture design to minimize CMMC scope and cost

From $7,000

Policy & Procedure Suite20+ CMMC-aligned policies: access control, IR, media protection, and more

From $4,000

Penetration TestingInternal network, external perimeter, web app, and phishing simulation

From $6,500

SPRS Score RemediationDocumented control implementation to improve your Supplier Performance Risk score

From $3,500

HIPAA Security Risk AssessmentFull technical and administrative audit against the HIPAA Security Rule

From $4,500

Organization size (affects scoping)

Compliance Services

HIPAA · PCI DSS · NIST CSF · Virginia CDPA, project & retainer

-

ByteTempest provides compliance consulting for healthcare, payment card, and data privacy frameworks, preparing your organization for audits and ongoing regulatory obligations. Note: ByteTempest is not a QSA (PCI) or C3PAO (CMMC). We prepare you for third-party assessments but do not conduct the formal certification audits.

HIPAA, Health Insurance Portability & Accountability Act

HIPAA Security Risk Assessment (SRA)Full technical & administrative audit against the Security Rule. Written findings, risk ratings, remediation roadmap.

From $4,500

Privacy Rule gap assessmentEvaluate your Notice of Privacy Practices, patient rights procedures, and administrative Privacy Rule controls.

From $2,500

BAA review & vendor inventoryAudit your Business Associate Agreements and identify vendors requiring BAAs. Includes standard BAA template.

From $1,500

HIPAA policy & procedure suiteFull set of HIPAA-aligned administrative policies: access control, workforce sanctions, device & media, contingency planning.

From $3,500

Breach notification planHIPAA Breach Notification Rule procedures, who to notify, timelines, HHS reporting, patient notice templates.

From $2,000

OCR audit preparationDocumentation review, evidence organization, and mock OCR interview preparation ahead of a compliance investigation.

From $3,000

PCI DSS, Payment Card Industry Data Security Standard

PCI DSS gap assessmentEvaluate your cardholder data environment against all 12 PCI DSS v4.0 requirements. Findings report + prioritized remediation plan.

From $5,500

Scope reduction & SAQ guidanceIdentify opportunities to reduce your cardholder data environment scope. Determine the correct SAQ type and guide completion.

From $2,000

PCI policy & procedure developmentSecurity policies aligned to PCI DSS 12 requirements, access control, logging, incident response, vendor management.

From $3,000

PCI penetration testingSegmentation testing and application/network penetration testing meeting PCI DSS Req. 11.4. Report formatted for QSA review.

From $6,500

Audit readiness & QSA liaisonPre-audit evidence organization, documentation review, and representation support working alongside your QSA assessor.

From $3,500

NIST CSF, Cybersecurity Framework

NIST CSF gap assessmentEvaluate your current posture across all five CSF functions (Identify, Protect, Detect, Respond, Recover) with a maturity score and roadmap.

From $5,000

CSF implementation roadmapPrioritized action plan to reach your target maturity profile, mapped to your existing controls and business objectives.

From $3,000

Virginia CDPA, Consumer Data Protection Act

Virginia CDPA gap assessmentEvaluate your data collection, processing, and consumer rights procedures against Virginia CDPA obligations. Applies to organizations processing personal data of 100,000+ Virginia consumers.

From $2,500

CDPA privacy policy & proceduresPrivacy notice, consumer rights response procedures, data processing records, and opt-out mechanism guidance.

From $2,000

Compliance Maintenance Retainer

Ongoing HIPAA compliance managementAnnual SRA refresh, policy maintenance, workforce training coordination, breach response readiness, OCR watch.

$1,500/mo

Ongoing PCI DSS compliance managementAnnual SAQ coordination, quarterly scan oversight, policy updates, and pre-audit evidence maintenance.

$1,200/mo

Multi-framework compliance retainerCombined ongoing management across two or more frameworks (e.g. HIPAA + CMMC, or PCI + NIST CSF). Bundled rate.

$2,200/mo

Cloud Security Consulting

Azure, M365 GCC/GCC High, AWS GovCloud, project-based

-

Cloud security assessments and architecture for any organization moving workloads to the cloud. Deep familiarity with Azure, M365 security controls, Conditional Access, Entra ID, and the Shared Responsibility Model as it applies to CMMC, HIPAA, and PCI DSS.

Select engagements

Azure / M365 Security AssessmentTenant config, Conditional Access, Entra ID posture, Defender for Business review

From $6,500

CUI Enclave Design (Azure/GCC)CMMC-compliant CUI handling architecture, segmentation, access control, logging

From $8,000

Cloud IR ReadinessLogging config, SIEM integration, cloud-specific IR playbook for Azure and AWS

From $4,500

FedRAMP Gap AdvisoryGap analysis against FedRAMP Moderate baseline for cloud service alignment

Custom quote

TempestShield, CMMC Compliance Platform

Automated evidence collection, live SPRS scoring, M365 integrations

Coming soon

TempestShield is in development. The platform will automate CMMC evidence collection, maintain a live SPRS score, generate SSPs and POA&Ms, and integrate directly with your Microsoft 365 and Azure environment via Graph API. Early access clients receive founding member pricing locked for life.

Learn more about TempestShield →

Tell us about your org.
We'll build the number.

Build your custom quote.

Tell us about your org.We'll build the number.

Build your custom quote.

Tell us about your org.
We'll build the number.