
Nucleus Security Achieves FedRAMP in Process While Accelerating Federal Adoption

Partnerships with Mandiant and Carahsoft reinforce the benefits of the Nucleus for Government (NucleusGov) platform for solving federal vulnerability management needs

SARASOTA, Fla. — August 9, 2022 — (BUSINESS WIRE) — Nucleus Security, a leader in risk-based vulnerability management and process automation, today announced acceleration of adoption within the federal government through achieving FedRAMP in-process status. The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings.

Nucleus Security has made additional investments benefiting federal agencies through partnerships with Mandiant, Carahsoft and many more. Mandiant threat intelligence is incorporated into the Nucleus for Government (NucleusGov) platform, which provides federal agencies with the intelligence needed to prioritize vulnerability remediation based on exploitability. In partnership with Carahsoft, our public sector distributor, Nucleus Security is strategically aligned with federal procurement processes, making it easier to gain access to the NucleusGov risk-based vulnerability management platform.

“The Nucleus Security team has been passionate about serving the U.S. federal government since our inception, when we started building our technology on contract for the Department of Defense. We are committed to making it easy for federal agencies to do business with us,” said Stephen Carter, co-founder and CEO of Nucleus Security. “We intimately understand the challenges federal agencies face with vulnerability management sprawl, and we’ve used our experience to build the NucleusGov platform in a way that is designed for ease of use by the federal government and large enterprise organizations.”

Nucleus Security has committed to submitting the FedRAMP SSP package in both the standard Microsoft Word format and OSCAL (Open Security Controls Assessment Language). Nucleus Security has partnered with GSA’s 10x program to submit and validate the SSP in OSCAL format. These automated validations enable automated initial reviews, which help reduce the time it takes to review packages.

By combining the aggregation, analytics, and vulnerability management orchestration capabilities of NucleusGov with the insight and threat intelligence provided by the Mandiant team, practitioners can accelerate the vulnerability prioritization and triage process using automation at scale. Nucleus Security has also incorporated CISA BOD 22-01 Known Exploitable Vulnerabilities (KEV) into the NucleusGov platform. This enables federal agencies to quickly gain visibility into which CISA KEVs are present within their infrastructure, provides the ability to prioritize remediation and easily report on status, and supports organizations in meeting the compliance requirements set by BOD 22-01.

Nucleus Security will be at the 2022 Black Hat conference from August 9-11. Visit us at Booth 44 in the Innovation City to learn more about NucleusGov.


About Nucleus Security
Nucleus Security is a Risk-Based Vulnerability Management (RBVM) solution that automates time-consuming vulnerability management processes, enabling large and complex enterprises to scale their vulnerability management program and remediate vulnerabilities 10x faster, without any additional resources. Supporting nearly 100 integrations, Nucleus Security creates a unified asset and vulnerability inventory, and provides the automation engine needed to eliminate the stovepipes of chaos found in large enterprise vulnerability management programs today. Harness the power of a unified vulnerability solution today at


Taylor Hadley
LaunchTech Communications
(978) 877-2113
