# Sanctum SecOps LLC Service Catalog and Pricing

Pricing is draft guidance. Final quotes should reflect scope, risk, travel, urgency, compliance requirements, tool licensing, insurance constraints, and client maturity.

## Core monthly retainers

### Foundation Security Retainer

Target: small organizations that need a documented security baseline.

Typical monthly range: `500` to `2,500`.

Includes:

- Monthly security health review.
- Microsoft 365/Entra baseline review.
- MFA and admin account hygiene.
- Basic endpoint/compliance posture review.
- Firewall/VPN/DNS hygiene checks.
- Asset inventory maintenance.
- Backup/DR status review.
- Monthly executive summary.

### Managed Security Operations Retainer

Target: organizations needing recurring hands-on security operations.

Typical monthly range: `2,500` to `7,500`.

Includes:

- Everything in Foundation.
- Intune/endpoint policy operations.
- Conditional access operations.
- Vulnerability/remediation coordination.
- RMM/alert triage workflow.
- Security documentation maintenance.
- Quarterly tabletop or readiness review.
- Vendor/security stack coordination.

### Fractional CISO Retainer

Target: leadership teams needing governance, risk, compliance, and security roadmap ownership.

Typical monthly range: `3,000` to `8,000`.

Includes:

- Security roadmap.
- Risk register.
- Board/leadership reporting.
- Policy roadmap.
- Cyber insurance support.
- Vendor risk review.
- Incident response planning.
- Compliance evidence strategy.

## Productized projects

### Security Baseline Assessment

Typical fixed range: `2,500` to `7,500`.

Deliverables:

- Environment summary.
- Identity and access findings.
- Endpoint and network findings.
- Backup/DR findings.
- Risk-ranked remediation plan.
- Executive summary.

### Microsoft 365 / Entra / Intune Hardening Sprint

Typical fixed range: `3,500` to `12,000`.

Deliverables:

- MFA enforcement plan.
- Conditional access baseline.
- Admin role review.
- Device compliance profile.
- Security defaults / baseline review.
- Documentation package.

### PKI and Certificate Authority Design

Typical fixed range: `5,000` to `20,000`.

Deliverables:

- Root/intermediate CA design.
- Vault or ADCS design.
- Certificate policy draft.
- Key ceremony checklist.
- Revocation/CRL/OCSP plan.
- Lifecycle automation plan.

### CMMC Readiness Gap Assessment

Typical fixed range: `7,500` to `25,000`.

Deliverables:

- Scope discussion.
- Asset category review.
- NIST SP 800-171 mapping.
- SSP/POA&M starter structure.
- External service provider notes.
- Remediation roadmap.

### UniFi / WatchGuard Secure Network Cleanup

Typical fixed range: `2,500` to `10,000`.

Deliverables:

- Network diagram.
- VLAN/SSID review.
- Firewall policy review.
- Admin access review.
- Backup/export process.
- Change-control notes.

## Proof-of-concept offers

### PKI Trust Portal POC

Typical fixed range: `2,500` to `6,500`.

Goal: create a public-facing trust demonstration that proves security maturity.

Deliverables:

- Demo trust portal.
- Certificate inventory sample.
- Root/intermediate CA explainer.
- CRL/OCSP roadmap.
- Client-facing trust narrative.

### CMMC Evidence Starter Kit

Typical fixed range: `3,000` to `9,000`.

Goal: help a client understand what evidence they have and what they lack.

Deliverables:

- Evidence inventory.
- Control-family status snapshot.
- Missing document list.
- POA&M starter.
- Executive risk brief.

## Positioning rule

Do not sell “hours.” Sell outcomes:

- Reduced operational ambiguity.
- Better identity control.
- Better audit evidence.
- Better cyber insurance posture.
- Cleaner vendor management.
- Better executive visibility.
- Higher readiness for CMMC or regulated work.
