Compliance

Turn DNS records into compliance evidence

Email authentication shows up in more frameworks every year — sometimes by name. Trustliant tags every finding with the frameworks it touches, so posture work doubles as audit preparation and insurance-renewal ammunition.

Where email auth is actually required

PCI DSS 4.0 requirement 5.4.1 (mandatory since March 2025) names DMARC, SPF, and DKIM as anti-phishing controls. CIS Controls v8.1 safeguard 9.5 says 'Implement DMARC' verbatim. US federal agencies have been mandated to p=reject since BOD 18-01. We say 'required by' only where that's true — and 'supports' everywhere else (SOC 2, HIPAA, FTC Safeguards, GLBA), because overclaiming compliance is how MSPs lose trust.

Cyber insurance is the universal driver

Carriers increasingly ask about email authentication on applications — and verify by scanning DNS themselves before quoting. DMARC posture is one of the few controls where evidence can be generated externally, automatically, with zero client effort. Trustliant's reports are built to be attached to renewals.

Evidence engine (roadmap)

The full compliance module maps controls to requirements with status, owner, review date, and historical proof — turning 'are we compliant?' into a living answer per framework, per client. The data model ships now; the narrative layer lands next.

For your technicians

Framework tags on every finding (PCI-DSS-4.0-5.4.1, CIS-v8.1-9.5, sender requirements) with the honest required-vs-supports distinction preserved.

For your clients

“When your insurer or auditor asks about email security, the evidence is already written — with before-and-after proof of improvement.”