Contact

The Information Security Authority operates as a public-reference provider network covering the cybersecurity service sector across the United States. This page defines the available contact channels, the geographic scope of inquiries handled, and the information that should accompany any submission to ensure efficient processing. Submissions related to providers, classification corrections, and sector reference questions fall within scope; requests for legal interpretation or licensed professional advice do not.

Additional contact options

The provider network maintains a structured intake process for distinct inquiry categories. Each category routes to a different review process, and matching the submission to the correct channel reduces processing time.

The four primary inquiry types are:

  1. Provider submissions and updates — Organizations seeking to add, amend, or remove a provider from the Information Security Providers provider network should use the providers intake form rather than the general message channel.
  2. Scope and classification questions — Questions about how the provider network classifies service categories, regulatory bodies, or practitioner credential types should reference the page before submission. Many classification questions are addressed there directly.
  3. Editorial corrections — Factual errors in published provider network content — including misattributed regulatory citations, outdated agency names, or incorrect statutory references — are handled through the corrections queue. A specific citation or URL to the affected page should accompany the report.
  4. Research and reference inquiries — Academic researchers, journalists, and policy analysts referencing provider network content for published work may request clarification on sourcing methodology or coverage scope.

General inquiries that do not fit one of the four categories above are accepted through the standard message channel described in the section below.

How to reach this office

The primary contact method is the site's web-based message form, accessible from this page. The form routes submissions to the appropriate review process based on inquiry type. No telephone support line operates for this provider network; all intake is handled through written submission to preserve record accuracy and ensure traceable correspondence.

Response timelines vary by inquiry type. Editorial corrections involving a named regulatory agency — such as the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST), or the Federal Trade Commission (FTC) — are prioritized because inaccurate regulatory attributions carry downstream consequences for professionals relying on provider network content.

Submissions referencing NIST publications should include the specific document identifier where possible — for example, NIST SP 800-53 Rev 5 or NIST SP 800-171 — rather than a general reference to NIST guidance. This specificity allows automated systems to locate and verify the cited material against the NIST Computer Security Resource Center without additional back-and-forth.

Submissions that arrive without sufficient identifying information about the issue being raised will be held pending clarification before entering the review process.

Service area covered

The Information Security Authority provider network operates at national scope, covering the United States. Providers, regulatory references, and practitioner credential classifications reflect the US cybersecurity sector, including federal frameworks administered by agencies such as CISA, NIST, the Department of Defense (DoD), and the Office of Management and Budget (OMB).

The provider network does not function as a state-by-state licensing registry. State-level licensing requirements for cybersecurity practitioners differ across jurisdictions — for example, penetration testing activities intersect with private investigator licensing statutes in states including Virginia and Michigan — and those determinations fall outside this provider network's scope. Inquiries requiring state-specific licensing interpretation should be directed to the relevant state professional licensing board or a licensed attorney.

Two coverage boundaries are worth distinguishing:

Inquiries that fall outside the provider network's national US scope will receive a response noting the boundary and, where possible, a pointer to the appropriate primary source.

What to include in your message

A complete submission contains 4 elements that allow automated systems to assess and route the inquiry without requesting additional information:

  1. Page reference — The URL or page title within the network that the inquiry concerns. For new provider submissions, include the organization name and the primary service category being claimed.
  2. Nature of the inquiry — A one- to two-sentence description of the issue, question, or request. Avoid lengthy background unless the detail is directly material to the inquiry.
  3. Source citation — For editorial corrections, include the authoritative public source that contradicts the current provider network content. Named agency documents, statutes, or published standards (such as a specific NIST Special Publication, a CISA advisory identifier, or a numbered section of the Code of Federal Regulations) are preferred over secondary citations.
  4. Contact information — A valid email address for response. The provider network does not publish or share contact information provided through the intake form.

Submissions that omit the source citation for a claimed factual error will be deprioritized relative to submissions that arrive with a verifiable reference. This standard reflects the provider network's sourcing methodology: assertions without named public documentation cannot be evaluated against the same criteria used to maintain existing content.

Report a Data Error or Correction

Found incorrect information, an outdated fact, or a broken link? Use the form below.

Interested in becoming a verified provider?

[email protected]

Include your business name, location, and services offered.

References

Read Next

Information Security Listings ANA › Professional Services Authority Authority › National Cyber Authority Authority › Information Security Authority Information Security Providers The providers... Information Security Directory: Purpose and Scope ANA › Professional Services Authority Authority › National Cyber Authority Authority › Information Security Authority Information Security Network: Purpose and Scope... Information Security Frameworks: NIST, ISO 27001, and Beyond ANA › Professional Services Authority Authority › National Cyber Authority Authority › Information Security Authority Information Security Frameworks: NIST, ISO...