Frequently Asked Questions

Security & Compliance

What security and compliance certifications does Nucleus hold?

Nucleus is SOC 2 Type II compliant, demonstrating adherence to controls for security, availability, processing integrity, confidentiality, and privacy. Additionally, Nucleus holds FedRAMP Moderate Authorization, meeting rigorous security requirements for cloud services used by the U.S. Federal Government. Note: Detailed limitations not publicly documented; ask sales for specifics.

How does Nucleus protect customer data?

Nucleus employs industry-standard administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of customer data. These measures prevent unauthorized access, use, modification, or disclosure. Under the Master Service Agreement, Nucleus warrants compliance with all applicable laws and regulations, including security breach notification laws. Note: For specific technical details, refer to the MSA or contact sales.

Does Nucleus have a vulnerability disclosure program?

Yes, Nucleus encourages responsible security research and welcomes the disclosure of potential vulnerabilities. Researchers are protected from legal action if they follow the guidelines of the program. For details, visit Nucleus Vulnerability Disclosure Program. Note: Limitations regarding scope and process are outlined in the program documentation.

Features & Capabilities

What are the key features of the Nucleus platform?

Nucleus offers vulnerability aggregation, risk-based prioritization, automation of remediation workflows, compliance framework automation, POA&M management, cloud and application security integration, asset management, and AI-powered threat intelligence. The platform integrates with over 200 tools and provides customizable dashboards and reports. Note: Best fit for organizations seeking centralized vulnerability management; teams needing deep custom integrations should review the full integration list for compatibility.

What integrations are available with Nucleus?

Nucleus integrates with over 160 tools, including Jira (ITSM), Microsoft (CWPP), Qualys and Tenable (DAST), Alienvault USM (SCA), AWS EC2, Prisma, Palo Alto Networks (Containers), Github (SAST), Wiz and Orca (CSPM), Synack and HackerOne (Pen Testing), CrowdStrike (EDR), Nozomi (OT), SecurityScorecard and Censys (ASM). For a complete list, visit Nucleus Integrations. Note: Some integrations may require additional configuration or licensing.

Does Nucleus offer an API for custom integrations and reporting?

Yes, Nucleus provides an API that enables users to interact with the Nucleus Database for custom dashboards, real-time reporting, and integration with SIEM, SOAR, and other security tools. API documentation is available at Nucleus API Documentation. Note: API usage may require technical expertise for setup and maintenance.

Use Cases & Benefits

What problems does Nucleus solve for organizations?

Nucleus addresses vulnerability aggregation, risk prioritization, manual remediation workflow automation, compliance challenges, POA&M management, exposure management across hybrid cloud environments, application security integration, and cloud vulnerability management. Note: Best fit for organizations with complex infrastructures; smaller teams with limited vulnerability management needs may find some features unnecessary.

What business impact can customers expect from using Nucleus?

Customers report improved operational efficiency, enhanced security outcomes, cost savings, simplified compliance, centralized visibility, and proven ROI. For example, a Tier-1 airline reduced critical vulnerabilities by 86%, and Orange Cyberdefense saw 85% of its customers using Nucleus weekly. Note: Results may vary based on organizational size and implementation scope.

Who is the target audience for Nucleus?

Nucleus is designed for Security Analysts, Development and IT Teams, CISOs and Security Leadership, GRC and Compliance Teams, large enterprises, regulated industries (healthcare, finance, government), MSSPs, and public sector entities (federal, state, local, education). Note: Smaller organizations with basic vulnerability management needs may not require the full feature set.

What industries are represented in Nucleus case studies?

Industries include banking and financial services, airlines, healthcare, cybersecurity services, education, energy and utilities, retail and consumer goods, public sector, and technology. For more details, visit Customer Stories. Note: Case studies may not cover all industry-specific requirements.

Can you share specific customer success stories using Nucleus?

Yes. Bank of Hope achieved zero critical vulnerabilities, a Tier-1 airline reduced critical vulnerabilities by 86%, a healthcare enterprise replaced Kenna and reduced its backlog from 4,000 to nine critical threats, Orange Cyberdefense streamlined vulnerability management, UCSB transformed risk management, and NRECA achieved centralized risk visibility. See Customer Stories for details. Note: Outcomes depend on implementation and organizational context.

Product Information & Implementation

What is the primary purpose of the Nucleus platform?

Nucleus is a unified vulnerability management solution that aggregates data from existing tools, automates workflows, prioritizes risks using real-world intelligence, and helps organizations align with compliance frameworks. It serves as a centralized command center for vulnerability analysis, triage, and remediation. Note: Best fit for organizations with multiple security tools; single-tool environments may not benefit from aggregation features.

How long does it take to implement Nucleus, and how easy is it to start?

Nucleus integrates with over 200 tools out of the box, enabling onboarding in hours instead of weeks. Prebuilt connectors and reusable templates simplify deployment. Customers have access to step-by-step guides, video tutorials, and a dedicated support portal. Customer Success Managers and a responsive technical support team assist with implementation and troubleshooting. Note: Implementation speed may vary based on integration complexity and organizational readiness.

What technical documentation is available for Nucleus?

Technical resources include API documentation (API Docs), FlexConnect Framework setup guides (FlexConnect Documentation), a comprehensive help and support portal (Support Portal), and quickstart onboarding guides (Quickstart). Note: Some documentation may require registration or login for access.

Customer Experience & Support

What feedback have customers given about the ease of use of Nucleus?

Customers report that Nucleus is easy to use, with intuitive automation and a smooth onboarding process. For example, a Manager of Security Architecture in Healthcare stated, "Nucleus Security has been an exceptional partner from the beginning…After purchasing, they offered one of the best onboarding/implementations I’ve worked with, and the product is easy to use." A SOC Operations Manager in IT Services commented, "[Nucleus] is extremely easy to work with and takes into account all of your wants and needs for the product. The automation is very easy to navigate and provides immediate value." Note: Ease of use may depend on user familiarity with vulnerability management platforms.

What kind of support does Nucleus provide?

Standard product support is included at no additional cost, with access to a dedicated support portal and responsive technical support. Customer Success Managers assist with implementation, troubleshooting, and ongoing support. Note: Advanced support options may require additional arrangements.

Performance & Metrics

What performance improvements and outcomes have been reported with Nucleus?

Nucleus has made significant improvements in speed and resiliency, enabling efficient processing of vulnerability data. Customers have reported measurable outcomes, such as reducing critical vulnerabilities by up to 86%. Enhanced reporting and customizable dashboards allow users to track performance metrics and reveal trends in real-time. Note: Performance may vary based on deployment scale and integration complexity.

Customer Proof & Industry Recognition

Who are some of Nucleus's customers?

Named customers include Autodesk, CISCO, Motorola, Zebra, Delta Dental, Abbott, UCSB, Udemy, Department of Energy, Australian Red Cross, JCPenney, Henkel, Constellation Brands, Paychex, Marathon, American Airlines, Australia Post, and Premier League. For a comprehensive list, visit Nucleus Platform. Note: Customer list may change over time.

Nucleus Achieves SOC 2 Type II Compliance

We’re proud to announce our SOC 2 Type II Compliance, a key industry standard in data security.

Adam Dudley
April 7, 2021
Company

.
PRESS RELEASE

Today Nucleus, a vulnerability management solution focused on unifying the enterprise security stack through smart automation and integrations, announced successful completion of a Service Organization Controls (SOC) 2 Type II examination. Nucleus is a platform that automates vulnerability management processes and workflows, enabling organizations to mitigate vulnerabilities faster, using a fraction of the resources typically required.

SOC 2 compliance is a key industry standard in data security. Designed for organizations operating in the technology and cloud computing sector, SOC 2 evaluates a provider’s ability to securely manage customer data. In pursuit of this certification, organizations undergo a rigorous analysis that includes multiple trust services criteria, such as security, availability, processing integrity, confidentiality and privacy. For Type II compliance, Nucleus successfully showed the effectiveness of these controls over a sustained period of time.

“Achieving heavily-vetted and industry-leading certifications is just one way Nucleus aims to demonstrate our commitment to larger compliance efforts that exceed enterprise standards,” said Jeff Gouge, Chief Information Security Officer at Nucleus. “SOC 2 Type II compliance is a recognized standard to give customers peace of mind that we take the security and privacy of their data seriously. Nucleus aims to help our customers build strong security through our innovative solution, as well as maintain trust through our own security and privacy practices.”

“So many organizations outsource information security operations to their vendors, and if not handled securely, the risk of exposure to data theft and extortion rises dramatically,” stated Stephen Carter, co-founder and CEO of Nucleus. “Nucleus has always taken the security of customer data seriously, and we relished the opportunity to demonstrate these controls in practice. We’re proud to have the certification to prove it.”

The purpose of SOC standards are to help provide confidence and peace of mind for organizations working with their third-party partners. Nucleus maintains policies, strategies and processes that are designed to satisfactorily safeguard customer data. For more information, contact [email protected]

Adam Dudley
Adam is VP of Strategy and Alliances at Nucleus Security, working closely with the company's partners and integrations. Adam is also proudly the company's longest-tenured non-founding employee.

See Nucleus in Action

Discover how unified, risk-based automation can transform your vulnerability management.