Vulnerability management

Nucleus Security Secures FedRAMP in-Process Status

Nucleus Security has achieved the Federal Risk and Authorization Management Program’s in-process status. With the designation, the federal government has easier access to the company’s Nucleus for Government risk-based vulnerability management platform.

NucleusGov incorporates Mandiant’s threat intelligence to automate the identification of vulnerabilities that should be addressed immediately, Nucleus Security said.

The platform also integrates the Cybersecurity and Infrastructure Security Agency’s Binding Operational Directive 22-01 known exploitable vulnerabilities to enable quick detection and mitigation of KEVs present within the systems of federal agencies. Using NucleusGov will help organizations comply with the BOD 22-01 requirements, including remediating each system flaw according to the deadline indicated in the CISA-managed vulnerability catalog.

According to Stephen Carter, co-founder and CEO of Nucleus Security, NucleusGov was specifically designed to be user-friendly for the federal government and large enterprise organizations. “The Nucleus Security team has been passionate about serving the U.S. federal government since our inception when we started building our technology on contract for the Department of Defense,” Carter added.

The company offers the platform through its public sector distributor Carahsoft.

Recently, Nucleus Security was named a sample vendor under the vulnerability prioritization technology category of the Gartner Hype Cycle for Security Operations. The VPT category recognizes tools that simplify the vulnerability analysis and remediation process by identifying and prioritizing high-risk vulnerabilities. According to Gartner, such technologies reduce an organization’s attack surface by preventing the vulnerabilities from being exploited.