What's Included:

External + authenticated internal vulnerability scanning (up to 50 assets)
Basic penetration testing (network, web apps, and common misconfigurations)
Manual review of critical findings
Detailed technical report with risk ratings, evidence screenshots, and prioritized remediation steps
60-minute debrief call with a certified analyst (e.g., CISSP, CEH, or OSCP)
High-level compliance mapping (NIST 800-171 basics, basic CMMC Level 1/2 readiness notes)
30-day re-scan of remediated critical items at no extra cost