About Nexus SecOps
Project Vision
The Nexus SecOps Benchmark (NSO) exists to answer a simple but consequential question:
"How do we know if our AI-augmented security operations are actually good?"
Existing security frameworks provide excellent broad coverage, but few offer the operational depth to evaluate a modern SOC that uses machine learning, large language models, and automated response at scale. Nexus SecOps fills this gap.
Mission
- Educate — Provide comprehensive, practical learning material for SOC professionals at all levels.
- Standardize — Define normative, measurable requirements for assessing and communicating SOC maturity.
- Accelerate — Give teams a ready-to-use framework that reduces time from "we need to improve" to "here is our roadmap."
Why Another Benchmark?
Gap Analysis
| Gap in Existing Frameworks | What Nexus SecOps Provides |
|---|---|
| No AI/ML-specific SOC controls | 40 controls for AI/ML model ops and LLM governance (Nexus SecOps-161–200) |
| Limited detection engineering depth | 20 controls for detection-as-code, content lifecycle, coverage (Nexus SecOps-031–050) |
| Sparse automation safety guidance | 15 controls for SOAR safety, human-in-the-loop, rollback (Nexus SecOps-096–110) |
| No LLM/GenAI operational guidance | 20 controls for prompt injection defense, grounding, hallucination detection (Nexus SecOps-181–200) |
| Maturity models not tailored to SOC ops | 5-level maturity model with SOC-specific capability gates |
Design Principles
1. Normative
Requirements use RFC 2119 language precisely:
- MUST — Absolute requirement. Failure is a critical gap.
- SHOULD — Strongly recommended. Deviation requires documented justification.
- MAY — Optional enhancement based on risk and context.
2. Measurable
Every control defines leading and lagging metrics with target values. Maturity is quantifiable — not just a checkbox.
3. Auditable
Every control specifies evidence artifacts an auditor would collect and tests a practitioner would perform to validate compliance.
4. Maturity-Based
Controls are tagged to maturity levels 0–5. Organizations at Level 1 are not expected to implement Level 4 controls. Progression is gated and realistic.
5. Mappable
Every control maps to at least one external framework: NIST CSF 2.0, CIS Controls v8, ISO/IEC 27001, NIST SP 800-53, MITRE ATT&CK/D3FEND, or NIST AI RMF. Nexus SecOps complements these frameworks rather than replacing them.
6. Tool-Agnostic
Nexus SecOps references tool categories, not specific vendors. Any compliant toolset satisfies the requirements.
Defensive-Only Commitment
Boundary Statement
Nexus SecOps contains no step-by-step exploitation tutorials, malware development guidance, evasion techniques, or offensive hacking methodologies. All examples use synthetic data. Attacker behaviors are described only conceptually — sufficient for building detections, never with detail sufficient to reproduce attacks.
Framework Relationships
graph TB
NSO["Nexus SecOps<br/>(SOC Operational Depth)"]
CSF["NIST CSF 2.0<br/>(Strategic)"]
CIS["CIS Controls v8<br/>(Technical Safeguards)"]
ISO["ISO 27001<br/>(ISMS)"]
N800["NIST 800-53<br/>(Control Catalog)"]
MITRE["MITRE ATT&CK / D3FEND<br/>(Threat/Defense Model)"]
AIRF["NIST AI RMF<br/>(AI Risk)"]
NSO -- "maps to" --> CSF
NSO -- "maps to" --> CIS
NSO -- "maps to" --> ISO
NSO -- "maps to" --> N800
NSO -- "maps to" --> MITRE
NSO -- "maps to" --> AIRF
Part of Transcendentia
Transcendentia Ecosystem
Nexus SecOps is part of the Transcendentia family of cybersecurity and technology projects:
- Nexus SecOps — Free cybersecurity education platform (you are here)
- IronClad Empire — Managed security services and consulting
- REngine — Security automation and orchestration engine
- GovBridge — Government compliance and FedRAMP readiness
Each project operates independently. Nexus SecOps is free and always will be.
License
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
You are free to share and adapt this material for non-commercial purposes with attribution and under the same license.
Version
| Field | Value |
|---|---|
| Version | 2.0.0 |
| Release Date | March 2026 |
| Status | Production |
| Next Review | September 2026 |