NY DFS Section 500.05 Compliant

Security Assessments for Small Business

Find vulnerabilities before attackers do. Our penetration testing and vulnerability assessments meet NY DFS requirements at small business prices.

NY DFS Requirements

Section 500.05 requires annual penetration testing and bi-annual vulnerability assessments:

500.05(a)(1) Penetration Testing

Annual testing by qualified internal or external party

500.05(a)(2) Vulnerability Assessments

Bi-annual automated scanning of information systems

Assessment Services

Comprehensive security testing to identify vulnerabilities and meet compliance requirements.

Penetration Testing

DFS 500.05(a)(1)

Simulated cyber attacks to identify security weaknesses before real attackers do.

External Penetration Test

Test your internet-facing systems, websites, and applications.

Starting at $3,500

Internal Penetration Test

Test your internal network from an insider threat perspective.

Starting at $4,500

Web Application Test

Deep dive into your web applications for OWASP Top 10 vulnerabilities.

Starting at $5,000

Vulnerability Scanning

DFS 500.05(a)(2)

Automated scans to identify known vulnerabilities across your environment.

Network Vulnerability Scan

Scan all network devices, servers, and workstations for vulnerabilities.

Starting at $500

Web Application Scan

Automated scanning of web applications for common vulnerabilities.

Starting at $750

Continuous Scanning

Ongoing monthly scans with trend reporting.

$250/month

Risk Assessment

DFS 500.09

Identify, analyze, and prioritize cybersecurity risks to your business.

Initial Risk Assessment

Comprehensive baseline assessment of your security posture.

Starting at $2,500

Annual Risk Review

Annual update to your risk assessment as required by NY DFS.

Starting at $1,500

Risk Assessment + Remediation

Assessment plus hands-on help implementing fixes.

Starting at $5,000

Social Engineering Tests

Test your human firewall with realistic social engineering simulations.

Phishing Campaigns

Test employee awareness with realistic phishing simulations.

Starting at $500

Vishing (Voice Phishing)

Phone-based social engineering tests targeting your staff.

Starting at $1,000

Physical Security Test

Attempt to gain unauthorized physical access to your facilities.

Starting at $2,000

Our Assessment Process

A structured approach to identify and address security vulnerabilities.

1. Scoping

Define the assessment scope, targets, and rules of engagement.

2. Testing

Conduct the assessment using industry-standard methodologies.

3. Analysis

Analyze findings and determine risk levels and business impact.

4. Reporting

Deliver detailed report with findings, risk ratings, and remediation steps.

5. Remediation

Optional hands-on support to fix identified vulnerabilities.

Audit-Ready Deliverables

Every assessment includes detailed documentation that satisfies NY DFS examination requirements:

Executive summary for leadership
Technical findings with severity ratings
Proof-of-concept evidence
Remediation recommendations
Risk-ranked priority list
Re-test verification (optional)

Sample Report Contents

Executive Summary: 2-3 pages
Methodology & Scope: 3-5 pages
Findings & Evidence: 10-30 pages
Risk Ratings: CVSS scoring
Remediation Guide: Step-by-step
Appendices: Raw scan data

Schedule Your Security Assessment

Get a free scoping call to determine the right assessment for your business and budget.