How can we help you achieve your cybersecurity goals?

I must comply with legal regulations

We work with a variety of organizations that must comply with specific, stringent legal regulations. These include:

  • Covered Entities and Business Associates under HIPAA and HITECH
  • DoD contractors, subcontractors, and manufacturers under NIST 800-171 and DFARS 252.204-7012
  • DoD contractors, subcontractors, and manufacturers under Cybersecurity Maturity Model Certification (CMMC). Learn more about our CMMC services >
  • Any organization that maintains Personally Identifiable Information (PII) of staff or clients that falls under state privacy laws such as Massachusetts 201 CMR 17.00
  • Organizations adopting the NIST Risk Management Framework (SP 800-37)
  • Organizations that process credit cards and must meet PCI standards
  • Federal contractors under NIST 800-53
  • Financial institutions under GLBA
  • Organizations preparing for GDPR

I need a partner for a specific project

We provide services for a complete infosec program and engage with current business leaders, IT, and information security personnel to strengthen defenses. Customized plans could include:

  • Risk assessments
  • Penetration Testing
  • Staff training
  • Phishing testing
  • Managed Security Incident & Event Management (SIEM)
  • Managed Security Operations Center (SOC)
  • Disaster recovery planning
  • Policy development
  • See the broader list of services >

I must comply with client or vendor requirements

Large organizations are demanding that their clients and contractors comply with robust cybersecurity requirements, regardless of size or industry. We can handle these requirements proactively and creatively, controlling costs while meeting these conditions in an audit-worthy manner.

Whether the compliance is with a defined standard, such as SANS 20, the NIST Cyber Security Framework (CSF), or the Cybersecurity Maturity Model Certification (CMMC), or is left open to interpretation, we have the experience and ability to address issues effectively and within budget.

I am concerned about risk to my organization

Our in-depth risk assessment involves business process review, risk and compliance review, organizational risk management evaluation, interviews, data discovery, and deep technical investigation. This allows us to accurately provide a risk rating, identify areas of vulnerability, and create a foundation for protecting the organization quickly and cost-effectively.


Managed Information Security Program (MISP)

MISP services lower risk for your organization as part of a long-term partnership. We will identify your organization’s risk profile through comprehensive risk assessments where we evaluate your Technical, Administrative and Physical security controls. It’s our way of fully understanding where your organization stands related to information security, allowing us to identify the next steps for remediation and improving your overall security posture. Mainstay will carry and manage that risk while guiding you through a governance roadmap. Request more information >

Penetration Testing

The baseline of a pen test includes six manual or automated activities, consisting of intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and action-oriented reporting of potential impact and remediation. More specific tests are then layered on based on an organization’s specific environment. Next steps and recommended remediation can help to further strengthen your security posture and lower risk for your organization. Read more about Mainstay’s Pen Testing Services >

Risk Assessment

Often required by compliance regulations, a risk assessment can be a valuable project for any organization. The assessment helps to uncover areas of risk for a breach, data leaks, and other issues. As part of the process, Mainstay will test, identify, and rate that risk. This allows for in-depth technical and organizational recommendations, closing gaps, improving compliance, and mitigating critical vulnerabilities. Request more information >

Gap Analysis

The Gap Analysis is an opportunity to assess and identify areas of compliance, non-compliance, or partial compliance with a set of required controls. The analysis results in three documents used as tools for discussion and tracking: a comprehensive compliance report detailing findings, an initial draft of your Plan of Action and Milestones (POA&M) for risk management, and an executive summary synthesizing our recommended strategy and path moving forward. Request more information >

User Security Platform

The USP includes ongoing Threat and Dark Web Monitoring for domains, network addresses, external IP addresses, email addresses, and key accounts and data impacting your organization. Our tools regularly check what sensitive information may be leaked onto the Dark Web in order to mitigate those risks by changing passwords, adjusting controls, and implementing other security measures. This service also includes quarterly email phishing tests, external vulnerability scans, and online training for your team. Request more information >

Additional specialty services:

  • Security Information and Event Management (SIEM)
  • Managed Security Operations Center (SOC)
  • Account Controls Assessment
  • Compliance Assessment
  • Risk Assessment
  • Disaster Recovery Tabletop Exercise
  • Company-wide Disaster Recovery Plans
  • Incident Response Forensics and Tabletop Exercise
  • On-site Training
  • Internal Vulnerability Scan
  • Personally Identifiable Information (PII) Scans
  • Policy Creation
  • Role-Based Access Control (RBAC) Project
  • Social Engineering Testing
  • Physical Security Recommendations
  • Cyber Liability Insurance Review