Contact

Security Services Authority operates as a national reference provider network for the cybersecurity services sector in the United States. This page documents how to reach the editorial and administrative office, the geographic and subject-matter scope of inquiries accepted, what information to include when submitting a message, and what response timelines apply. Inquiries related to provider network providers, editorial accuracy, and sector coverage fall within the scope of this office.


How to reach this office

The administrative office for Security Services Authority accepts written inquiries submitted through the contact page associated with this domain. All correspondence is routed to the editorial and provider network management team, which holds responsibility for provider accuracy, sector classification decisions, and reference content published across the site.

Inquiries fall into four distinct categories handled by this office:

  1. Provider Network provider submissions — requests to add, update, or remove a provider within the Security Services Providers index
  2. Editorial corrections — factual disputes or accuracy concerns related to published reference content
  3. Licensing and credential verification requests — questions about how provider qualifications, certifications, or regulatory standing are verified before provider acceptance
  4. Scope and coverage questions — inquiries about which cybersecurity service categories, geographic markets, or regulatory frameworks fall within the network's coverage boundaries

Correspondence unrelated to cybersecurity services, provider network operations, or editorial matters falls outside this office's remit and will not receive a substantive response. Regulatory enforcement inquiries should be directed to the appropriate federal or state agency — CISA for critical infrastructure and cybersecurity incidents, or the FTC for consumer data protection matters.


Service area covered

Security Services Authority maintains national scope across the contiguous United States, Alaska, and Hawaii. The provider network covers cybersecurity service providers operating under US jurisdiction and subject to US regulatory frameworks, including those administered by CISA, NIST, the FTC, HHS (under HIPAA), and sector-specific bodies such as NERC CIP for energy and the FFIEC for financial services.

The provider network's subject-matter coverage spans the following service verticals within cybersecurity:

  1. OT/ICS security — providers serving industrial environments governed by NIST SP 800-82 Rev. 3 standards

Providers operating exclusively in non-US jurisdictions are outside the provider network's current geographic scope. Providers serving both US and international markets are eligible for inclusion if their US operations constitute a defined, separately addressable service offering.

The distinction between product vendors and service providers represents a classification boundary enforced editorially: Security Services Authority indexes service providers — firms delivering professional services, managed services, or consulting — not software or hardware product manufacturers without a distinct professional services arm.


What to include in your message

Incomplete submissions account for a substantial portion of delayed or unresolved inquiries. To ensure accurate processing, all messages should include the following structured information:

For provider network provider submissions:
- Legal business name and doing-business-as (DBA) name if applicable
- Primary service category (matched to one of the 8 verticals listed above)
- Geographic service footprint (states served or national coverage)
- Relevant certifications or regulatory credentials (e.g., SOC 2 Type II, FedRAMP authorization, CMMC level, CISA-recognized status)
- Primary point of contact name, title, and business email address

For editorial corrections:
- The specific URL of the page containing the disputed content
- The exact text or data point in question
- The correction being requested, with a named public source supporting the correction (e.g., a NIST publication, a CISA advisory, or a federal statute citation)

For licensing and credential verification questions:
- The specific certification, license, or regulatory designation in question
- The issuing body or framework (e.g., ISC², CompTIA, ISACA, CMMC Accreditation Body)
- The context in which verification is being requested

Messages that omit the relevant category, lack a named contact, or provide no supporting detail will be returned for clarification before any substantive review begins.


Response expectations

The editorial process reviews incoming correspondence in the order received. Provider submissions undergo a 2-stage review: an initial completeness check in a timely manner, followed by a credential and classification review that typically requires an additional 10 to 15 business days depending on the complexity of the service category and the volume of documentation provided.

Editorial correction requests are prioritized by materiality. Corrections involving a misclassified regulatory framework, an inaccurate statutory citation, or an erroneous credential claim are escalated above general content improvement suggestions. The NIST Cybersecurity Framework (CSF 2.0) and CISA's published advisories serve as primary reference authorities for resolving disputes about technical accuracy in editorial content.

Scope and coverage inquiries receive a written determination — either confirmation that a provider category falls within the network's defined verticals or a reasoned explanation of why it falls outside current scope. Coverage scope is reviewed on an annual basis against updates to federal regulatory frameworks and CISA's evolving critical infrastructure sector designations.

No response channel associated with this provider network constitutes legal counsel, regulatory advice, or professional certification guidance. Parties seeking formal regulatory determination should engage directly with the relevant agency: HHS Office for Civil Rights for HIPAA matters, CISA for critical infrastructure cybersecurity, or the applicable state attorney general for state-level data protection statutes.

Interested in becoming a verified provider?

[email protected]

Include your business name, location, and services offered.
