Contact
National Security Authority serves as a public-facing provider network reference for cybersecurity service providers, credentialing bodies, and regulatory resources operating at the national level in the United States. This page documents the available channels for submitting inquiries, corrections, or provider-related requests to the provider network. Understanding what information to include and which channel to use reduces response time and ensures submissions are routed correctly within the network's operational structure.
Additional contact options
Provider Network inquiries can be submitted through multiple structured channels depending on the nature of the request. The primary categories of inbound contact handled by this provider network fall into four distinct types:
- Provider corrections or additions — Requests to update, remove, or submit a cybersecurity firm, credentialing body, or regulatory resource for inclusion in the Security Providers index.
- Scope and coverage questions — Inquiries about which service categories, geographic regions, or regulatory frameworks are represented within the network's coverage model. The Security Provider Network Purpose and Scope page addresses the structural boundaries of what is indexed.
- Regulatory reference inquiries — Questions about cited standards, named agencies such as the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST), or frameworks including NIST SP 800-53, should be directed through the general inquiry channel with specific citation details included.
- Technical or navigation issues — Reports of broken links, indexing errors, or structural problems with provider network pages, including the How to Use This Security Resource reference.
Each request type benefits from a distinct format. Mixing multiple request types in a single message creates processing delays. Where a submission involves a credentialed provider, documentation of relevant certifications — such as those issued under DoD 8570/8140 or CMMC — should be included as attachments or referenced by issuing body and credential name.
How to reach this office
The primary email channel for this provider network is:
This address handles all inbound categories described above. There is no telephone intake system for this provider network. All submissions are processed in written form to maintain an accurate record of each request and to allow proper routing within the editorial and technical teams responsible for provider network maintenance.
Response timelines vary by request type. Provider correction requests that include complete supporting documentation — credential issuer, jurisdiction, and current regulatory status — are processed with higher priority than general inquiries. Regulatory reference requests that cite a specific statute, such as the Federal Information Security Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., or a named NIST control family are treated as substantive inquiries and receive structured responses.
Submissions that do not include the information outlined in the "What to Include in Your Message" section below will be returned with a request for clarification before any action is taken.
Service area covered
This provider network covers cybersecurity service providers, standards bodies, regulatory frameworks, and credentialing authorities operating at the national level within the United States. The geographic scope is national — it does not index state-specific licensing boards or municipality-level programs unless those entities have a direct mandate or affiliation with a federal framework, such as participation in CISA's State and Local Cybersecurity Grant Program, authorized under the Infrastructure Investment and Jobs Act of 2021 (Public Law 117-58).
The provider network distinguishes between two primary service-sector categories:
- Critical infrastructure providers — Organizations operating in the 16 critical infrastructure sectors defined by Presidential Policy Directive 21 (PPD-21), including energy, financial services, healthcare, and communications.
- General commercial cybersecurity providers — Firms offering managed security services, penetration testing, incident response, and compliance advisory functions not tied to a specific federal sector mandate.
Inquiries from international organizations or non-US-based providers are outside the current provider network scope. Requests referencing foreign regulatory frameworks — such as the EU's NIS2 Directive or the UK's Cyber Essentials scheme — will not be processed for provider purposes, though they may be acknowledged as reference context in regulatory inquiries.
What to include in your message
A well-structured submission reduces processing time and eliminates the need for follow-up clarification requests. The following breakdown applies to each contact type:
For provider corrections or additions:
- Legal name of the organization
- Primary service category (managed security, credentialing, regulatory body, etc.)
- Jurisdiction of primary operation (federal, national, multi-state)
- Relevant certification or credential with issuing body named (e.g., ISC² CISSP, CompTIA Security+, CMMC Third-Party Assessor Organization (C3PAO))
- Reason for the addition, correction, or removal request
For regulatory reference inquiries:
- Specific statute, standard, or framework citation (title, section, revision number where applicable)
- Named agency or standards body associated with the reference
- Nature of the inquiry (clarification, correction, new reference request)
For technical or navigation issues:
- URL of the affected page
- Description of the observed issue
- Browser or access environment if relevant to reproduction
Submissions lacking organization name, request type, and at least 1 supporting detail will be returned without action. This structure aligns with the information standards applied across the provider network's editorial process, consistent with the documentation practices recommended by NIST SP 800-61 Rev. 2 for structured communication in operational security contexts.
Report a Data Error or Correction
Found incorrect information, an outdated fact, or a broken link? Use the form below.
References
- CISA's State and Local Cybersecurity Grant Program
- Cybersecurity and Infrastructure Security Agency (CISA)
- Federal Information Security Modernization Act (FISMA), 44 U.S.C. § 3551 et seq.
- NIST SP 800-53
- NIST SP 800-61 Rev. 2
- National Institute of Standards and Technology (NIST)
- Presidential Policy Directive 21 (PPD-21)
- CompTIA Security+
- ISC² CISSP