Contact

Digital Security Authority serves as a national-scope reference directory for cybersecurity services, professional categories, and regulatory frameworks across the United States. This page describes the contact channels available for this directory, the geographic scope of service coverage, and the information required to submit a productive inquiry. Readers seeking to report a listing error, request a category review, or ask a procedural question about directory structure will find the relevant routing information below.

Additional contact options

Inquiries related to directory content fall into distinct categories, each routed through a different review process. Understanding which category an inquiry belongs to reduces handling time and ensures it reaches the appropriate editorial or administrative function.

The primary contact channels are:

1. Listing accuracy reports — Submitted when a specific directory entry contains outdated, incorrect, or unverifiable information. These reports are reviewed against publicly available sources, including licensing databases maintained by the Cybersecurity and Infrastructure Security Agency (CISA) and professional certification registries such as those maintained by (ISC)², ISACA, and CompTIA.

2. Category classification disputes — Submitted when a listed organization believes its service category has been incorrectly assigned within the directory structure. Classification follows functional distinctions recognized in the NIST Cybersecurity Framework (NIST CSF), specifically its five core functions: Identify, Protect, Detect, Respond, and Recover.

3. Regulatory or compliance corrections — Submitted when a directory page references a statute, rule, or enforcement body inaccurately. Examples include citations to the FTC Safeguards Rule (16 CFR Part 314), HIPAA Security Rule (45 CFR Part 164), or state-level breach notification laws.

4. General editorial inquiries — Submitted for questions about directory scope, methodology, or page structure that do not fit the above categories.

Each of these channels is distinct from technical support. Digital Security Authority does not provide cybersecurity advisory services, legal counsel, or incident response assistance.

How to reach this office

The administrative office for Digital Security Authority handles editorial correspondence related to directory content, listing submissions, and framework accuracy. Correspondence submitted without sufficient identifying detail — such as a specific page URL or listing name — is returned without action.

The primary contact method is electronic submission through the official contact form hosted on this domain. Submissions are triaged as processing allows. Listing accuracy reports that reference a verifiable public-sector source — such as a NIST publication, a state attorney general enforcement notice, or a published FTC ruling — are prioritized in the review process.

For matters referencing federal cybersecurity standards, the relevant regulatory contact points outside this directory include:

• NIST Computer Security Resource Center: csrc.nist.gov — the authoritative source for NIST Special Publications, including SP 800-53 and SP 800-171.
• CISA: cisa.gov — the federal agency responsible for critical infrastructure cybersecurity coordination under the Cybersecurity and Infrastructure Security Agency Act of 2018.
• FTC Bureau of Consumer Protection: ftc.gov — enforcement authority for the Safeguards Rule and related data security obligations.

Correspondence addressed to this directory does not constitute a complaint to any regulatory authority. Regulatory filings must be directed to the named agencies above using their official intake processes.

Service area covered

Digital Security Authority operates with national scope across all 50 US states and the District of Columbia. The directory indexes cybersecurity service providers, professional categories, and compliance resources relevant to organizations operating under federal law and state-level statutes.

State-specific regulatory variation is a material factor in directory coverage. As of the framework established by the National Conference of State Legislatures (NCSL), all 50 states have enacted data breach notification laws, each with distinct trigger thresholds, notification timelines, and covered data types. The directory reflects this variation in its state-level compliance categories rather than treating US cybersecurity regulation as a uniform federal system.

Coverage does not extend to non-US jurisdictions. Organizations subject to the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, or other international frameworks are outside the defined geographic scope of this directory. Inquiries about cross-border regulatory matters are out of scope for this office.

Sector-specific coverage follows the 16 critical infrastructure sectors defined by CISA, including financial services, healthcare and public health, information technology, and energy. Directory entries are classified against these sector designations where applicable.

What to include in your message

An incomplete submission cannot be actioned. Every message directed to this office should include the following elements to enable a substantive response:

1. Page or listing reference — The specific URL or listing name the inquiry concerns. General complaints about directory accuracy without a named page are returned unresolved.

2. Nature of the issue — A plain-language description drawn from the four categories listed in the Additional Contact Options section above. Specifying the category — listing accuracy, classification dispute, regulatory correction, or general editorial — routes the inquiry without delay.

3. Supporting source — A named public document, agency publication, or verifiable registry entry that supports the correction being requested. For regulatory matters, this means citing the specific statute, CFR section, or NIST Special Publication number. For example, a correction referencing network security controls should cite the applicable control family in NIST SP 800-53 Rev 5.

4. Contact information — A valid reply address. Anonymous submissions without a return contact are logged but cannot receive a response.

5. Organization affiliation (if applicable) — For listing disputes initiated by the listed organization itself, a statement of affiliation and the publicly verifiable basis for the claim establishes standing for the review.

Submissions that satisfy all 5 criteria enter the standard review process. Submissions missing elements 1, 2, or 3 are returned with a request for clarification before review begins.