NY DFS 23 NYCRR 500 Compliance

Choose by How Much Automation You Need

Every plan includes full compliance coverage. Upgrade for operations tools and automation.

All plans include a 14-day free trial. No credit card required.

Each plan is available in an edition tailored to your regulation (NY DFS, SOC 2, HIPAA, ISO 27001, PCI DSS).

Core Compliance

Full NY DFS compliance for small teams. Everything you need to be audit-ready.

$500/year
Includes up to 3 employees
Unlimited admin users
  • NY DFS requirements dashboard
  • Policy library (50+ templates)
  • Policy acknowledgment tracking
  • Evidence vault & collection
  • Training tracking & reports
  • Phishing simulation campaigns
  • Vendor risk assessments
  • Vulnerability remediation tracking
  • Risk register
  • Incident tracking
  • Audit log & activity trail
  • Annual certification tracking
  • Email support
Most Popular

Operations Pack

Everything in Core plus operations tools for device oversight and remediation.

$900/year
Includes up to 10 employees
Unlimited admin users
  • Everything in Core Compliance
  • Device inventory & fleet overview
  • Endpoint security agent
  • Encryption monitoring (BitLocker)
  • Patch approval workflow
  • Drift detection & alerts
  • Device compliance audits
  • MFA status tracking
  • Priority support

Premium Automation

Full automation suite for teams that want hands-off compliance operations.

$1,200/year
Includes up to 15 employees
Unlimited admin users
  • Everything in Operations Pack
  • Live terminal access
  • Remote control
  • Runbooks & scheduled tasks
  • Automated remediation
  • Premium integrations (NinjaOne, SentinelOne, CrowdStrike, ConnectWise, Okta, Microsoft 365)
  • Custom reporting
  • Dedicated onboarding
  • Phone support

Compare Plans

See exactly what's included in each plan.

Feature | Core Compliance | Operations Pack | Premium Automation
Price | $500/year | $900/year | $1,200/year
Compliance Coverage
NY DFS requirements dashboard
Policy library (50+ templates)
Policy acknowledgments
Evidence vault
Training tracking
Certification deadlines
Audit log
Security Practices
Phishing campaigns
Vendor assessments
Vulnerability tracking
Risk register
Incident tracking
Operations
Device inventory
Endpoint agent
Encryption monitoring
Patch workflow
Drift detection
Automation
Live terminal
Remote control
Runbooks
Premium integrations
Automated remediation
Capacity
Employees included | 3 | 10 | 15
Admin users | Unlimited | Unlimited | Unlimited
Additional employees | $30/yr each | $25/yr each | $20/yr each
Support
Email support
Priority support
Phone support
Dedicated onboarding

Professional Services Add-Ons

Meet NY DFS requirements that go beyond software. Virtual CISO, penetration testing, and vulnerability scanning.

Virtual CISO

Required by NY DFS 500.04

Qualified CISO oversight without the full-time hire. Perfect for small businesses that need expert guidance.

Advisory

$750/month

4 hours/month

Monthly review, policy guidance, board reporting

Active

$1,500/month

10 hours/month

Hands-on management, incident response, vendor reviews

Full-Service

$3,000/month

20 hours/month

Dedicated CISO coverage, audit support, strategic planning

Penetration Testing

Required annually by NY DFS 500.05

Annual penetration testing with DFS-ready report and remediation guidance. Scope and pricing based on your environment.

Starting at

$1,500

External network test

External vulnerability assessment, network perimeter testing, DFS-compliant report

Additional services available:

  • Internal network testing
  • Web application testing
  • Social engineering / phishing
  • Wireless network assessment
  • Cloud environment review

Custom scoping based on your environment

Vulnerability Scanning

Required by NY DFS 500.05

Continuous vulnerability scanning with monthly reports for DFS compliance.

Quarterly

$750/quarter

Monthly scans

External scanning, quarterly reports

Annual

$2,400/year

Weekly scans

Internal + external, continuous monitoring

One-Time Services

Gap Assessment

$1,500

Comprehensive review of your current compliance posture with remediation roadmap.

Policy Development

$2,500

Custom policy writing for all 14 NY DFS required policy areas, tailored to your business.

Audit Preparation

$3,500

Hands-on support preparing for your NY DFS examination. Evidence review and mock audit.

Integrations

Basic integrations (Microsoft 365, Okta) are available on all plans. Premium integrations (NinjaOne, SentinelOne, CrowdStrike, ConnectWise) are included with Premium Automation or available as an add-on for $200/year.

Pricing Questions

What's the difference between the plans?

All plans include full NY DFS compliance coverage. Core Compliance gives you everything needed to be audit-ready. Operations Pack adds device management and endpoint monitoring. Premium Automation adds remote tools, runbooks, and hands-off automation.

What's an employee vs an admin?

Employees are the people in your organization who complete security training, acknowledge policies, and are tracked for compliance purposes. Admins are the people who manage the compliance program — they set up policies, run phishing tests, review reports, and manage the platform. Admin users are unlimited on every plan.

How do I know if I qualify for the Limited Exemption?

You qualify for NY DFS 500.19 limited exemption if you meet ALL three criteria: fewer than 10 employees (including contractors), less than $5 million in gross annual revenue (3-year average), and less than $10 million in year-end total assets. Use our free exemption calculator on the DFS Compliance page to check your status.

Do I need a CISO even as a small business?

Only if you don't qualify for the limited exemption. NY DFS 500.04 requires covered entities to designate a qualified CISO. This doesn't have to be a full-time employee — our Virtual CISO service satisfies this requirement at a fraction of the cost. If you qualify for limited exemption, you're exempt from this requirement.

Is penetration testing really required?

Yes, NY DFS 500.05 requires annual penetration testing for covered entities that don't qualify for the limited exemption. Our penetration testing service includes a DFS-compliant report you can provide to examiners.

Can I add more employees?

Yes. Additional employees beyond your plan's included count are $30/year each on Core, $25/year each on Operations, or $20/year each on Premium. Contact us for volume pricing.

What's included in the free trial?

Our 14-day free trial includes full access to all platform features. No credit card required. You can also schedule a demo to see the platform in action before starting.

Do you offer monthly billing?

Our plans are priced annually to provide the best value for compliance programs that require year-round monitoring. Contact us if you need flexible payment options.

Employee vs Admin: Employees are end users who complete security training and acknowledge policies. Admins are the compliance managers, IT administrators, and business owners who manage the platform. Admin users are unlimited on all plans.

Ready to Get Compliant?

Start your 14-day free trial today. No credit card required. Or schedule a call to discuss your needs.