Our automated platform has coverage for the following compliance standards:

Meet compliance requirements, conform with leading security standards and reduce cyber risk. Compliance requirements continue to increase, and business partners often require conformance with an accepted security standard, such as NIST or ISO 27000.

With the Nucleaus platform, your team can address compliance requirements related to code and application security with out-of-the-box functionality and workflows that are incorporated into the SDLC and performed before the application is deployed into the production environment. The Nucleaus platform bundles code scanning and vulnerability assessment capabilities while validating conformance to architectural best practices. With Nucleaus, your teams can stay current with industry trends to ensure that code scans address new vulnerabilities.

Nucleaus is built around the NIST compliance standards. When scanning your code, we make it transparent “when your doors are unlocked and your windows are open”. This gives you the tools to act against the highest-priority risks and protect your assets. With its easy-to-read console, Nucleaus gives your teams the information they need to act accordingly and continuously reduce vulnerabilities in your code.

NIST CSF v1.1

  • DE.CM-8: Vulnerability scans are performed
  • ID.RA-1: Asset vulnerabilities are identified and documented
  • ID.RA-2: Threat and vulnerability information is received from information sharing forums and sources
  • PR.IP-12: A vulnerability management plan is developed and implemented
  • RS.AN-5: Processes are established to receive, analyze and respond to vulnerabilities disclosed to the organization from internal and external sources (e.g. internal testing, security bulletins, or security researchers)
  • RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks

NIST 800-171

  • 3.11.2 Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.
  • 3.12.2 Develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems.
  • 3.14.1 Identify, report, and correct information and system flaws in a timely manner.

NIST CSF v1.0

  • DE.CM-8: Vulnerability scans are performed
  • ID.RA-2: Threat and vulnerability information is received from information sharing forums and sources
  • PR.IP-12: A vulnerability management plan is developed and implemented
  • RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks

PCI DSS 3.2

  • 6.1 Establish a process to identify security vulnerabilities by using reputable outside sources for security vulnerability information and assign a risk ranking to newly discovered security vulnerabilities.
  • 6.2 Risk ranking of vulnerabilities
  • 11.2 Requires that vulnerability scanning be performed at least quarterly.

NIST 800-53 rev4

  • CA-2: Security Assessments
  • CA-7: Continuous Monitoring
  • RA-5: Vulnerability Scanning
  • SC-34: Non-Modifiable Executable Programs
  • SI-4: Information System Monitoring
  • SI-7: Software, Firmware, and Information Integrity

DFARS Compliance

  • The DFARS (Defense Federal Acquisition Regulation Supplement) requires defense contractors to comply with specific cybersecurity requirements detailed in NIST 800-171.

ISO 27002:2013

  • A.12.6.1 Technical vulnerability management
  • A.14.2.8 Testing the security functionality of the system

ISO 27002:2005

  • A.12.6.1 Technical vulnerability management
  • A.13.1.2 Identify security mechanisms, service levels, and management requirements related to all network services
  • A.15.2.2 Addressing security within supplier agreements

Critical Security Control

  • CWE/SANS TOP 25: The Top 25 Software Errors
  • Critical Security Control #3: Continuous Vulnerability Assessment and Remediation

NIST 800-82 rev2

  • 6.2.16: System and Communications Protection
  • 6.2.17: System and Information Integrity

OWASP Top Ten

  • OWASP Top 10: links to the full entry data, data fields for weakness prevalence and consequences, code examples, and detection methods

CWE/SANS TOP 25

  • CWE/SANS TOP 25: The Top 25 Software Errors