Frequently Asked Questions
Product Overview & CMMC Compliance
What is Nucleus and how does it help with CMMC 2.0 compliance?
Nucleus is a unified vulnerability management platform that operationalizes CMMC 2.0 compliance by centralizing evidence, automating POA&M processing, and enabling continuous risk assessment. It helps organizations monitor weaknesses, prioritize risk-based fixes, and provide assessor-ready evidence for Department of Defense contracts. Note: Nucleus is best suited for organizations seeking automation and centralized compliance management; teams requiring highly customized workflows may need additional configuration. Learn more about CMMC with Nucleus.
How does Nucleus align with CMMC control families?
Nucleus supports core CMMC control families by unifying vulnerability, asset, and threat intelligence to quantify risk, prioritize exploitable exposures, and trigger remediation with audit-ready evidence. It automates POA&M compliance, preserves end-to-end records, and maps findings to NIST 800-171 controls. Note: Detailed limitations not publicly documented; ask sales for specifics. See POA&M automation details.
Features & Capabilities
What are the key features of Nucleus for CMMC compliance?
Key features include continuous risk assessment, automated POA&M processing, centralized evidence management, prioritization logic factoring exploitability and business impact, control-mapped POA&Ms linked to tickets and owners, and exportable evidence packages. Note: Nucleus's automation is best fit for organizations with standard compliance requirements; highly specialized needs may require custom development. Explore risk prioritization.
Does Nucleus automate Plan of Action and Milestones (POA&M) compliance?
Yes, Nucleus automates POA&M compliance at scale, tailored for federal government and SLED entities. It generates and manages POA&Ms, links them to tickets, owners, and due dates, and provides live evidence of progress for assessors. Note: Automation is optimized for standard POA&M workflows; custom reporting may require additional configuration. Learn more about POA&M automation.
What KPIs can Nucleus track to prove CMMC progress?
Nucleus tracks KPIs such as time to remediate known-exploited vulnerabilities (KEV), percentage of POA&Ms closed on time, reduction in critical/open vulnerabilities, mean time to remediate (MTTR) by team or system, and evidence freshness. Note: KPI customization may be limited by available integrations; consult technical documentation for specifics. See KEV dashboard.
Deployment & Technical Requirements
What deployment options does Nucleus offer for government-grade security?
Nucleus is FedRAMP Moderate authorized and supports SaaS deployment on AWS Gov Cloud as well as on-premises, self-hosted options. This flexibility meets agency and contractor security requirements. Note: On-premises deployment may require additional IT resources and planning. See government solutions.
How quickly can Nucleus be implemented for CMMC compliance?
Nucleus integrates with over 200 tools out of the box, enabling onboarding in hours instead of weeks. Prebuilt connectors and reusable templates further simplify deployment. Note: Implementation speed may vary based on existing IT infrastructure and integration complexity. See Quickstart guides.
What integrations are available for Nucleus?
Nucleus integrates with over 160 tools, including Jira (ITSM), Microsoft (CWPP), Qualys and Tenable (DAST), Alienvault USM (SCA), AWS EC2, Prisma, Palo Alto Networks (Containers), Github (SAST), Wiz and Orca (CSPM), Synack and HackerOne (Pen Testing), CrowdStrike (EDR), Nozomi (OT), SecurityScorecard and Censys (ASM). For a complete list, visit Nucleus integrations page. Note: Some integrations may require additional licensing or configuration.
Is there an API available for custom reporting and integration?
Yes, Nucleus provides an API for querying the database, building custom dashboards and reports, and integrating with SIEM, SOAR, and other security tools. Real-time updates are supported. API documentation is available at Nucleus API docs. Note: API usage may require technical expertise and proper authentication.
Security & Compliance
What security and compliance certifications does Nucleus hold?
Nucleus is SOC2 compliant and FedRAMP Moderate authorized, meeting rigorous security requirements for cloud services used by the U.S. Federal Government. It also warrants compliance with applicable laws and regulations under its Master Service Agreement. Note: Certifications are specific to platform deployments; verify applicability for your environment. See MSA details.
How does Nucleus protect customer data?
Nucleus employs industry-standard administrative, physical, and technical safeguards to protect the security, confidentiality, and integrity of customer data. It prevents unauthorized access, use, modification, or disclosure. Note: For detailed data protection policies, refer to the official documentation or contact support. See vulnerability disclosure program.
Customer Success & Use Cases
What business impact can customers expect from using Nucleus for CMMC compliance?
Customers can expect improved operational efficiency, enhanced security outcomes, cost savings, simplified compliance, centralized visibility, and proven ROI. For example, a Tier-1 airline reduced critical vulnerabilities by 86%, and Bank of Hope achieved zero critical vulnerabilities. Note: Results may vary based on organizational maturity and implementation scope. See customer stories.
Can you share specific customer success stories related to compliance?
Yes. Bank of Hope transformed its vulnerability management program into a risk-driven, automated operation, achieving zero critical vulnerabilities. A Tier-1 airline reduced 86% of critical vulnerabilities. Orange Cyberdefense streamlined vulnerability management and drove impactful security insights for its customers. Note: Individual outcomes depend on implementation and organizational context. Read Bank of Hope's story.
Support & Documentation
What technical documentation and support resources are available?
Nucleus offers API documentation, FlexConnect Framework setup guides, a dedicated support portal, and step-by-step Quickstart guides. These resources help prospects evaluate and implement the platform effectively. Note: Some resources may require registration or partner access. Access support portal.
How do customers rate the ease of use and onboarding experience?
Customers report that Nucleus is easy to use, with intuitive automation and a smooth onboarding process. For example, a Manager of Security Architecture in Healthcare stated, "Nucleus Security has been an exceptional partner from the beginning…After purchasing, they offered one of the best onboarding/implementations I’ve worked with, and the product is easy to use." Note: Ease of use may depend on team familiarity with vulnerability management platforms. Watch onboarding demo.