Compliance & Regulatory Alignment

VouchCore is designed with awareness of the regulatory frameworks that govern its primary customer segments. Compliance is not a checkbox feature — it is context that informs prioritization and reporting.

NCUA ISE Statement 3.3 (CFIs)

The NCUA Information Security Examination Statement 3.3 addresses email authentication controls as part of the broader examination of cyber hygiene. VouchCore's Email Posture dashboard maps directly to ISE 3.3 subsections:

• ISE 3.3.1 — DMARC policy implementation and enforcement state
• ISE 3.3.2 — SPF record publication and mechanism enforcement
• ISE 3.3.3 — DKIM configuration and key rotation verification
• ISE 3.3.4 — Sending vendor identification and authentication audit

VouchCore can generate an NCUA ISE 3.3 evidence package for enrolled CFI tenants, providing documentation for examination preparation.

CISA BOD 18-01 (SLTT)

CISA Binding Operational Directive 18-01 requires DMARC at p=reject for federal agencies and is the de facto standard for SLTT email security. VouchCore's BOD 18-01 Alignment Score provides a 0–100 composite rating weighted across the four BOD 18-01 control factors.

FTC Safeguards Rule (SMBs)

For financial services businesses subject to the FTC Safeguards Rule, email authentication controls are part of the required information security program. VouchCore's posture documentation supports Safeguards Rule compliance evidence.

What VouchCore Does Not Do

VouchCore does not provide compliance certification, legal advice, or guarantee examination outcomes. VouchCore provides technical findings and documentation that inform your organization's compliance posture. Examination readiness decisions rest with your organization's leadership and legal counsel.