Cyber Security

Nucleus Security attains FedRAMP® Moderate Authorization

Nucleus Security, the leading innovator in enterprise risk-based vulnerability management, proudly announces it has achieved Federal Risk and Authorization Management Program (FedRAMP®) authorization at impact level Moderate on the FedRAMP marketplace.

The Authority to Operate (ATO) was issued with sponsorship from the Center for Medicare and Medicaid Services (CMS), after a careful review of the assessment results provided by a certified third-party assessor organization (3PAO), Linford & Co. This achievement is a significant accomplishment for our Public Sector team and will greatly ease the adoption of our secure, Risk-Based Vulnerability Management platform for federal agencies, critical infrastructure providers, defense contractors, and FedRAMP Cloud Service Providers (CSPs).

“Vulnerability exploitation is the number one initial attack vector in breaches, and the public sector is increasingly focused on modernizing and improving their approach to vulnerability management. Binding Operational Directives, such as BOD 19-02 and BOD 22-01, have provided explicit and compulsory direction to federal and executive branch departments and agencies. However, achieving compliance is nearly impossible with traditional vulnerability management tools and programs. We purposefully built Nucleus Security to streamline vulnerability and risk management within large enterprises, U.S. government entities, and those organizations subject to the U.S. government’s stringent vulnerability management requirements.” said Stephen Carter, co-founder and CEO of Nucleus Security.

The challenges associated with vulnerability management are significantly more far-reaching than those of federal organizations themselves. The Defense Industrial Base and CSPs selling services and software to the government must also comply with federal directives and regulations on vulnerability management. For example, the Cybersecurity Maturity Model Certification (CMMC) and FedRAMP frameworks contain numerous controls mandating strict vulnerability management practices and remediation timelines for critical vulnerabilities, including managing all vulnerabilities through the Plan of Action and Milestones (POA&M) process.

Critical benefits for government agencies, CSPs, and defense contractors using Nucleus Security for Government include:

  • A single source of truth for all vulnerability and asset information in the enterprise, correlated to threat intelligence across all information systems.
  • Automation of manual, repetitive, and error-prone vulnerability management tasks mandated by compliance regulations.
  • Support unique federal controls and requirements for continuous monitoring, compliance reporting, and vulnerability status tracking.

In recent strides beyond FedRAMP authorization, Nucleus Security has proudly expanded its government-related accomplishments by securing a spot on the Continuous Diagnostics and Mitigation (CDM) Approved Products List and forging strategic partnerships with InQTel, Thundercat, Norseman, Carahsoft, Guidepoint Federal, and other leading solution providers. “These milestones not only reflect Nucleus’s product market fit within government sectors, but also our ongoing dedication to contributing to national security,” said Scott Kuffer, co-founder and COO of Nucleus Security.

Nick Fleming, co-founder of Nucleus Security, continued: “This authorization is a full-circle moment for us, signifying our homecoming to the federal sector. It validates our mission to solve the most critical cybersecurity challenges for the most essential organizations in the government and critical infrastructure sectors.”

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

Related posts

92% of CISOs Question Future of Their Role Amidst Growing AI Pressures

Business Wire

ICS Achieves SOC 2 Type 2 Certification

PR Newswire

Resecurity wins GOVIES Government Security Award 2024 for Risk Analysis

Business Wire