Legal & Compliance

Governance, regulatory alignment, and policy documentation for Tereda Software LLC.

Tereda Software LLC operates under the laws of the State of Connecticut and the United States. As a software engineering firm serving federal, state, and commercial clients, we maintain documented policies covering cybersecurity, data handling, accessibility, export compliance, and responsible disclosure. These policies are not boilerplate; they reflect our commitment to the regulatory frameworks governing the work we perform.


Standards & Frameworks

Tereda Labs maintains alignment with the following federal and industry standards. Posture statements use precise language — "aligned to" means architectural compliance with framework requirements; "certified" means formal third-party validation has been completed.

Cybersecurity
  • NIST SP 800-171 Rev. 2
  • NIST SP 800-53 Rev. 5
  • CMMC 2.0 (Level 2 Readiness)
  • NIST SP 800-207 (Zero Trust)
  • FAR 52.204-21
  • DFARS 252.204-7012
Software & Supply Chain
  • NIST SP 800-218 (SSDF)
  • NIST SP 800-161 Rev. 1 (C-SCRM)
  • Executive Order 14028 (SBOM)
  • NIST SP 800-88 Rev. 1 (Sanitization)
Accessibility & Privacy
  • Section 508 / WCAG 2.1 AA
  • GDPR / CCPA
  • 32 CFR Part 2002 (CUI)
Incident & Disclosure
  • NIST SP 800-61 Rev. 2 (IR)
  • ISO 29147 (Vuln. Disclosure)
  • ISO 30111 (Vuln. Handling)
  • DFARS 252.204-7012(c) (72-hr)

Framework alignment reflects current architectural posture and documented policies. Formal certification status for individual frameworks is available upon request. Tereda Labs does not claim certifications that have not been independently validated.