Security

TeNova Axiom is built for regulated environments. Security is not a feature; it is the foundation.

Encryption

  • In Transit: TLS 1.3. HSTS enforced, HTTP/2, no legacy protocol fallback.
  • At Rest: AES-256. Supabase managed encryption for all database storage.
  • Witness Anchors: SHA-256. Cryptographic fingerprints for every compliance verdict.
  • API Keys: SHA-256 hash. Raw keys shown once at creation, stored only as irreversible hashes.
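The API key handling described above (raw key returned once, only a SHA-256 digest persisted, lookup by digest at verification time), shown as an added illustrative example; this is not TeNova's code. The "axk_" prefix, the key_id layout and the in-memory store are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

KEY_PREFIX = "axk_"  # assumed prefix for this example, not a TeNova format


@dataclass
class StoredKey:
    key_id: str      # public identifier, safe to log
    key_hash: str    # sha256 hex of the raw key; the raw key itself is never stored
    tenant_id: str


# Stand-in for the database table (constructed for the example).
KEY_STORE: Dict[str, StoredKey] = {}


def issue_key(tenant_id: str) -> str:
    """Create a key for a tenant. The raw key is returned exactly once;
    the store receives only its SHA-256 digest."""
    key_id = secrets.token_hex(4)          # 8 hex chars, used for lookup only
    secret = secrets.token_urlsafe(32)     # 256 bits of entropy; no '.' in this alphabet
    raw = f"{KEY_PREFIX}{key_id}.{secret}"
    # A plain SHA-256 is adequate here because the key is high-entropy random
    # material, unlike a user-chosen password, which would need a slow KDF.
    digest = hashlib.sha256(raw.encode()).hexdigest()
    KEY_STORE[key_id] = StoredKey(key_id, digest, tenant_id)
    return raw


def verify_key(presented: str) -> Optional[str]:
    """Return the tenant_id if the presented key matches a stored digest, else None."""
    if not presented.startswith(KEY_PREFIX) or "." not in presented:
        return None
    key_id = presented[len(KEY_PREFIX):].split(".", 1)[0]
    record = KEY_STORE.get(key_id)
    if record is None:
        return None
    digest = hashlib.sha256(presented.encode()).hexdigest()
    # Constant-time comparison so a mismatch does not leak how many bytes matched.
    if not hmac.compare_digest(digest, record.key_hash):
        return None
    return record.tenant_id
```

A compromised copy of KEY_STORE yields only digests; because the secret portion is 256 random bits, those digests cannot be reversed into usable keys.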

Access Control

  • Row-Level Security (RLS) at the database layer enforces tenant isolation. No tenant can query another tenant's data, even with a valid session.
  • Role-based access control with three roles: admin, analyst (read + attest), and assessor (read-only).
  • Multi-factor authentication (TOTP) available for all accounts.
  • Infrastructure access restricted to SSH key authentication. Password login and root login are disabled.
  • All administrative actions are recorded in an immutable audit log (SI-12).

Vulnerability Management

  • Daily automated vulnerability scanning with Trivy (pinned binary, SHA-256 verified).
  • Scan results correlated against the NIST National Vulnerability Database (NVD).
  • Automated POA&M generation with severity-based remediation milestones: CRITICAL 7 days, HIGH 30 days, MEDIUM 90 days.
  • CISA Known Exploited Vulnerabilities (KEV) feed correlation and priority boost.
  • Current posture: 0 Critical, 0 High, 3 Medium open findings.

Data Handling

  • AI Witness SDK operates on a zero-knowledge principle. At Clearing Level 1 and above, raw prompts and model responses are never transmitted. Only cryptographic hashes and numeric factors are stored.
  • Infrastructure compliance telemetry is processed deterministically. Raw evidence is not retained after adjudication.
  • All exports (OSCAL SSP, POA&M, Assessment Results) are signed with SHA-256 and anchored in the Sovereign Witness Ledger.
  • Daily encrypted backups with AES-256 symmetric encryption. 7-day retention for daily backups, 4-week retention for weekly backups.

Compliance Alignment

The Axiom platform is built to, and continuously evaluated against, the following frameworks:

  • NIST 800-53 Rev 5
  • NIST AI RMF (AI 100-1)
  • CMMC v2.0
  • EU AI Act (2024/1689)
  • FedRAMP
  • DISA STIGs
  • ISO 42001
  • GDPR

All compliance evidence is available through the platform itself, including OSCAL-validated exports, cryptographic audit trails, and real-time posture dashboards.

Incident Response

Severity-based response commitments:

Severity   Response            Resolution
Critical   30 minutes          4 hours
High       2 hours             8 hours
Medium     4 hours             24 hours
Low        Next business day   5 business days

Responsible Disclosure

If you discover a security vulnerability in the TeNova Axiom platform or any SWT3 SDK, please report it to security@tenovaai.com. We will acknowledge receipt within 24 hours and provide a resolution timeline within 72 hours. We do not pursue legal action against good-faith security researchers.

For data processing details, see our Data Processing Agreement. For availability targets, see our Service Level Agreement.