Find your fit.
Start here.
Select your industry to see the services most relevant to you. Every service links to a full detail page with scope, pricing, and what to expect.
CMMC & DoD Supply Chain Security
For defense contractors, subcontractors, and DoD supply chain organizations handling Controlled Unclassified Information. CMMC enforcement is active. If you handle CUI and are not certified, you cannot bid on new DoD contracts. Read the full breakdown for defense contractors →
Managed Detection & Response
24/7 endpoint and server monitoring with active threat response. Satisfies CMMC SI.3.218 and CA.2.157 continuous monitoring requirements and generates monthly evidence for your SSP binder.
View details → Retainer, MonthlyvCISO Retainer
Senior security leadership on a monthly retainer. CMMC posture management, policy oversight, board reporting, and the security expertise your prime contractors expect to see.
View details → Retainer, MonthlyIncident Response Retainer
Pre-paid IR with guaranteed SLA. When a breach occurs, you need someone who picks up the phone. Includes DFARS 252.204-7012 reporting support and the 72-hour DoD notification process.
View details → Managed, MonthlySecurity Awareness Training
Managed training and quarterly phishing simulations. Satisfies CMMC AT.2.056 and AT.3.058. Generates the workforce training documentation your C3PAO assessor will ask for.
View details → Project-BasedCloud Security Consulting
CUI enclave design in Azure or GCC High, M365 security assessments, Entra ID and Conditional Access review. ByteTempest understands what the Shared Responsibility Model means for CMMC.
View details → Project-BasedCMMC Project Work
Gap assessment, SSP, CUI enclave design, policy suite, pen testing, SPRS remediation. Each engagement builds toward audit-ready documentation your C3PAO will accept.
Build a quote →| Project service | Deliverable |
|---|---|
| CMMC Gap Assessment | Gap report + POA&M |
| System Security Plan (SSP) | Audit-ready SSP |
| CUI Enclave Design | Architecture + setup guide |
| Policy & Procedure Suite | 20+ policy documents |
| Penetration Testing | Pentest report, CVSS-rated |
| SPRS Score Remediation | Updated SPRS + evidence package |
| CMMC Readiness Retainer | Monthly posture reports |
HIPAA Security & Healthcare Cyber Defense
For hospitals, clinics, multi-site practices, FQHCs, health tech companies, and business associates handling protected health information. Small practices are the top ransomware target in healthcare. ByteTempest delivers professional-grade security whether you can pay for it or not. Read the full breakdown for healthcare →
Managed Detection & Response
24/7 endpoint monitoring and active response for clinical networks. Covers EHR workstations, servers, and medical-adjacent devices. Monthly reports align to HIPAA technical safeguard documentation requirements.
View details → Managed, MonthlySecurity Awareness Training
Managed training and quarterly phishing simulations for clinical staff. Satisfies HIPAA 45 CFR 164.308(a)(5) workforce training requirements. Completion records included in every reporting cycle.
View details → Retainer, MonthlyIncident Response Retainer
Pre-paid IR with HIPAA breach notification support built in. Includes patient notice drafting, OCR reporting, and documentation preservation when a breach occurs.
View details → Retainer, MonthlyvCISO Retainer
Senior security leadership for healthcare organizations that need executive guidance without the executive salary. HIPAA program oversight, vendor risk management, and board-level reporting.
View details →HIPAA Security Risk Assessment
Full technical and administrative audit against the HIPAA Security Rule. Written findings, risk ratings, and a prioritized remediation roadmap. Satisfies the annual SRA requirement and holds up in an OCR investigation.
Build a quote →TempestVitals Program
Free security assessments, training, and IR planning for qualifying small clinics and FQHCs in Hampton Roads. No sales pitch, no follow-up ask. Just security for the practices that need it most.
See if you qualify →| Project service | Deliverable |
|---|---|
| HIPAA Security Risk Assessment | Findings report + remediation roadmap |
| HIPAA Privacy Rule gap assessment | Gap findings + policy recommendations |
| BAA review & vendor inventory | Vendor list + BAA template |
| HIPAA policy & procedure suite | Full administrative policy set |
| Breach notification plan | Response playbook + notice templates |
| Network vulnerability assessment | Scan report, plain-language findings |
| Penetration testing | Pentest report, CVSS-rated |
Security without the enterprise overhead.
For small and mid-size businesses that need real security but do not have a dedicated IT or security team. ByteTempest manages the complexity so you can focus on running your business. No jargon, no lock-in, no hidden fees. Read the full breakdown for small business →
Managed Detection & Response
Your computers and servers watched around the clock. When something suspicious happens, ByteTempest handles it. No internal security staff required. No alerts hitting your inbox at midnight.
View details → Managed, MonthlySecurity Awareness Training
Your team trained on real phishing tactics, quarterly. ByteTempest runs the program, sends the simulations, tracks completion, and keeps the documentation. You do not have to think about it.
View details → Retainer, MonthlyIncident Response Retainer
If your systems are ever compromised, ByteTempest responds immediately. No scrambling to find help while the clock is ticking. Guaranteed response time, defined in writing before anything happens.
View details → Retainer, MonthlyvCISO Retainer
A senior security advisor on call monthly. If you are currently the person who handles security questions at your company because there is no one else, this is for you. Strategy, vendor decisions, and a point of contact.
View details → Project-BasedCloud Security Assessment
If your business runs on Microsoft 365 or Azure, ByteTempest can audit your configuration, find the gaps, and fix them. Most small businesses have significant exposure in their cloud environment and do not know it.
View details → Project-BasedPenetration Testing
A controlled attack on your own systems to find the holes before someone else does. ByteTempest delivers a plain-language report with findings and what to do about each one.
Build a quote →Not sure where to start?
Most small businesses benefit most from MDR and SAT as a foundation: one service watches your systems, the other trains your people. Add an IR retainer when you are ready to have a response plan. Start with a free consultation and ByteTempest will tell you honestly what you need and what you do not.
Regulatory compliance, done practically.
ByteTempest handles compliance engagements across CMMC, HIPAA, PCI DSS, NIST CSF, and Virginia CDPA. The goal is not a binder of documents that sits on a shelf. It is a defensible, documented security posture that holds up when it matters.
CMMC Compliance
Gap assessment, SSP, CUI enclave design, policy suite, SPRS remediation, and C3PAO prep. ByteTempest is not a C3PAO and does not conduct the formal certification, but we get you to the point where you pass it.
Build a quote → HealthcareHIPAA Compliance
Security Risk Assessment, Privacy Rule gap review, BAA audit, policy suite, breach notification plan, and OCR preparation. Offered as one-time project work or as an ongoing compliance retainer.
Build a quote → Payment ProcessingPCI DSS Compliance
Gap assessment, SAQ guidance, scope reduction, policy development, pen testing formatted for QSA review, and audit readiness support. ByteTempest is not a QSA but prepares you to work with one effectively.
Build a quote → General FrameworkNIST Cybersecurity Framework
Current-state gap assessment across all five CSF functions: Identify, Protect, Detect, Respond, Recover. Maturity scoring and a prioritized roadmap to your target profile.
Build a quote → Data PrivacyVirginia CDPA
Gap assessment and policy development for Virginia's Consumer Data Protection Act. Covers data collection inventories, consumer rights procedures, and privacy notice requirements.
Build a quote → Ongoing, MonthlyCompliance Retainer
Ongoing management across one or more frameworks: HIPAA maintenance, PCI annual cycle coordination, CMMC posture tracking. ByteTempest keeps your compliance current so you are not scrambling before an audit.
View vCISO options →Note on third-party assessments
ByteTempest is not a C3PAO (CMMC), a QSA (PCI DSS), or an OCR investigator (HIPAA). We prepare your organization to work with these parties effectively, get your documentation in order, and ensure you are not going into a formal assessment unprepared. Think of ByteTempest as the consultant who gets you ready for the exam, not the person who grades it.