I must comply with legal regulation.

Good news – Mainstay serves:

  • Covered Entities and Business Associates under HIPAA and HITECH
  • DoD contractors, subcontractors, and manufacturers under NIST 800-171 and DFARS 252.204-7012
  • Any organization that maintains Personally Identifiable Information of staff or clients that falls under state privacy laws such as MA 201 CMR 17.00
  • Organizations that process credit cards and must meet PCI standards
  • Federal contractors under NIST 800-53
  • Financial institutions under GLBA
  • Organizations preparing for GDPR

Get legal compliance help ›

I need a partner for something specific.

Mainstay Technologies provides services for a complete infosec program and engages with current business leaders, IT, and information security personnel to strengthen defenses.

Customized plans may include:

  • Risk assessments
  • Staff training
  • Phishing testing
  • Managed SIEM
  • Disaster recovery planning
  • Encryption
  • Multi-factor authentication
  • Policy development

Get customized help ›

I must comply with client or vendor requirements.

Large organizations are demanding that their clients and contractors comply with robust cybersecurity requirements – regardless of size or industry. We can handle these requirements proactively and creatively, controlling costs while meeting these conditions in an “audit-worthy” manner.

Whether the compliance is with a defined standard, such as SANS 20 or the NIST Cybersecurity Framework (CSF), or left open to interpretation, we have the experience and ability to address issues effectively and within budget.

Get vendor compliance help ›

I am concerned about risk to my organization.

Our in-depth risk assessment involves multiple tests, interviews, discovery, consultations, compliance review, and deep technical investigation. This allows us to accurately provide a risk rating, identify areas of vulnerability, and create a foundation for protecting the organization quickly and cost-effectively.

Get a risk assessment ›

I need a Written Information Security Plan (WISP).

A Written Information Security Plan is not only required under many federal and state compliance regulations, but is also one of the most important steps any organization can take to become more secure. A carefully developed WISP is not a document that sits on a shelf, but rather a security program that ensures that you have the right policies, workflows, training, and controls.

Get a WISP ›