We can help you achieve your code compliance goals with automation.

Meet compliance requirements, conform with leading security standards and reduce cyber risk. Compliance requirements continue to increase, and business partners often require conformance with an accepted security standard, such as NIST or ISO 27000.

Nucleaus™ drives your code compliance to meet standards for minimizing security risks

With the Nucleaus™ platform, your team can address compliance requirements related to code and application security with out-of-the-box functionality and workflows  that are incorporated into the SDLC and performed prior to the application’s being deployed into the production environment. The Nucleaus™ platform bundles code scanning and vulnerability assessment capabilities while validating conformance to architectural best practices. With Nucleaus™, your teams can stay current with industry trends to ensure code scans address new vulnerabilities.

Nucleaus™ is built around the NIST compliance standards. When scanning your code we make transparent “when your doors are unlocked and windows open”. This gives you the tools to act against the highest priority risks and protect your assets. With the easy to read console, Nucleaus™ gives your teams the necessary information to act accordingly to reduce on a continuous basis vulnerabilities in your code.

 

Our automated platform has coverage for the following compliance standards:

 

  • DE.CM-8: Vulnerability scans are performed
  • ID.RA-1: Asset vulnerabilities are identified and documented
  • ID.RA-2: Threat and vulnerability information is received from information sharing forums and sources
  • PR.IP-12: A vulnerability management plan is developed and implemented
  • RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)
  • RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
  • CA-2: Security Assessments
  • CA-7: Continuous Monitoring
  • RA-5: Vulnerability Scanning
  • SC-34: Non-Modifiable Executable Programs
  • SI-4: Information System Monitoring
  • SI-7: Software, Firmware, and Information Integrity
  • DE.CM-8: Vulnerability scans are performed
  • ID.RA-2: Threat and vulnerability information is received from information sharing forums and sources
  • PR.IP-12: A vulnerability management plan is developed and implemented
  • RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
  • 6.2.16: System and Communications Protection
  • 6.2.17: System and Information Integrity
  • 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.
  • 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
  • 3.14.1 Identify, report, and correct information and system flaws in a timely manner.
  • The DFARS (Defense Federal Acquisition Regulation Supplement) requires defense contractors to comply with specific cybersecurity requirements detailed in NIST 800-171.
  • A.12.6.1 Technical vulnerability management
  • A.14.2.8 Testing the security functionality of the system.
  • A.12.6.1 Technical vulnerability management
  • A.13.1.2 Identify security mechanisms, service levels, and management requirements related to all network services.
  • A.15.2.2 Addressing security within supplier agreements
  • CWE/SANS TOP 25: The Top 25 Software Errors
  • Critical Security Control #3: Continuous Vulnerability Assessment and Remediation
  • 6.1 Establish a process to identify security vulnerabilities by using reputable outside sources for security vulnerability information and assign a risk ranking to newly discovered security vulnerabilities.
  • 6.2 Risk ranking vulnerabilities
  • 11.2 Requires that vulnerability scanning is performed at least quarterly.
  • OWASP Top 25 Links to the full entry data, Data fields for weakness prevalence and consequences, Code examples and Detection Methods
Nucleaus get in touch banner
See Nucleaus in Action

Sign up to request a demo