You can have a single Enforcement Policy per service, but each rule in the policy can have multiple Enforcement Profiles. By using device groups, and limiting the profile per device group, you can just put in all profiles. ClearPass will only return the attributes from the profiles that match the device group.
Another approach may be to split up the services, one for the Nexuses and another for the other Cisco devices and see if you can match one of the sent attributes (or the device group) to make ClearPass select on or the other service.
Either approach should work, and which one to pick is probably a matter of personal preference.