How to Use This Security Services Resource

The security services sector in the United States spans physical protection, cybersecurity, investigations, compliance program management, and hybrid converged services — a landscape regulated by federal agencies, state licensing boards, and standards bodies whose requirements vary significantly by service category and jurisdiction. This page describes the scope of content covered within this reference directory, how to locate specific topics, how published content is verified, and how to integrate this resource with authoritative external sources. The Security Services Directory: Purpose and Scope page establishes the full index of covered categories and the organizational logic behind them.

Limitations and scope

This directory covers the security services sector as it operates within the United States, organized by service category, professional credential standard, regulatory framework, and operational context. The scope includes physical security services (guarding, patrol, executive protection), cybersecurity services (managed detection and response, penetration testing, incident response, compliance program support), and converged security disciplines that cross both domains.

The following boundaries define what this resource does and does not address:

1. Geographic scope: Content reflects US federal law, agency regulations, and state-level licensing requirements. International standards are referenced where they apply to US-based providers — for example, ISO/IEC 27001 certification as a vendor qualification marker — but non-US regulatory regimes are not systematically covered.
2. Service categories indexed: The directory covers licensed and credentialed professional services. Consumer-facing products, commodity hardware, and software-only tools are outside scope except where they constitute a component of a professional service offering.
3. Legal and professional advice: This resource describes the regulatory and professional landscape. It does not render legal, compliance, or procurement advice. Licensing requirements are summarized from named public sources; authoritative interpretation belongs to the relevant licensing authority.
4. Currency of regulatory content: Licensing thresholds, penalty structures, and certification requirements change when statutes are amended or agencies revise guidance. Readers should verify current requirements against the issuing authority — such as the Bureau of Security and Investigative Services (BSIS) in California or the Transportation Security Administration (TSA) for airport security personnel standards.
5. Provider listings: The Security Services Listings section indexes providers by category and credential. Inclusion in listings does not constitute endorsement or verification of individual provider performance.

The directory does not cover emergency services, law enforcement agencies, military contractors operating under classified programs, or intelligence community procurement vehicles.

How to find specific topics

Content within this resource is organized along four primary axes: service category, regulatory framework, professional credential type, and operational environment. Navigating by any of these dimensions leads to relevant reference material.

By service category: The broadest organizational layer. Categories include armed and unarmed guard services, cybersecurity managed services, physical access control, investigations, and executive protection. Each category page describes the service structure, the licensing or certification standards that apply, and the regulatory bodies with jurisdiction.

By regulatory framework: Content referencing the Health Insurance Portability and Accountability Act (HIPAA), codified at 45 C.F.R. Parts 160 and 164, connects to cybersecurity service categories subject to healthcare data obligations. Content referencing the Payment Card Industry Data Security Standard (PCI DSS), maintained by the PCI Security Standards Council, connects to services relevant to cardholder data environments. Users with a defined compliance driver can use that framework as an entry point.

By credential type: Professional credentials in the security sector include Certified Protection Professional (CPP) and Physical Security Professional (PSP) designations issued by ASIS International, Certified Information Systems Security Professional (CISSP) issued by (ISC)², and state-issued guard licenses with requirements that differ across all 50 jurisdictions. Credential-specific content identifies what each designation requires and what service categories it is relevant to.

By operational environment: Content is also segmented by deployment context — healthcare facilities, financial institutions, critical infrastructure, and commercial real estate each carry distinct regulatory obligations that shape which service categories and provider qualifications apply.

For broad orientation before drilling into a specific category, the Security Services Listings page provides a structured entry point organized by service type.

How content is verified

Content in this directory is grounded in named, publicly accessible sources. The verification approach follows three standards:

Regulatory claims are traced to the issuing statute, federal regulation, or agency guidance document. A reference to OSHA's authority over contract security workers, for example, cites the Occupational Safety and Health Act of 1970 (29 U.S.C. § 651 et seq.) and relevant agency enforcement guidance available at osha.gov, not secondary summaries.

Credential and certification requirements are drawn from the certifying body's published standards. ASIS International, (ISC)², CompTIA, and the Electronic Security Association (ESA) publish eligibility requirements, recertification timelines, and examination domains publicly. Content describing those requirements cites those primary publications.

Statistical and quantitative claims — penalty ceilings, breach cost figures, state licensing fee schedules — are sourced to a named public document at the point of use. Figures that cannot be traced to a verifiable public source are either excluded or framed as structural facts ("the penalty is set by statute") rather than specific assertions.

Contrast with aggregator platforms: unlike vendor review platforms or market research aggregators that compile user-generated data, this directory does not incorporate unverifiable sourced statistics or anonymous provider ratings. Where comparative data is used, the source organization is named.

How to use alongside other sources

This directory functions as a structural reference — it maps the sector, identifies regulatory obligations, and classifies service categories and credentials. It is designed to be used in combination with, not as a replacement for, primary regulatory sources and professional guidance.

For regulatory compliance verification, readers should consult the issuing federal or state agency directly. The National Institute of Standards and Technology (NIST) publishes the Cybersecurity Framework and Special Publication series at csrc.nist.gov. The Federal Trade Commission (FTC) publishes its Safeguards Rule requirements at ftc.gov. State private investigator and security guard licensing boards publish current fee schedules, training hour requirements, and disqualifying offense lists on their own portals.

For vendor evaluation, procurement professionals should use this directory alongside request-for-proposal documentation, independent audit results, and, where applicable, federal contractor qualification databases such as the System for Award Management (SAM.gov) for providers bidding on government contracts.

For standards alignment, ASIS International's ANSI-accredited standards — including ASIS PSC.1 for private security contractor management — provide prescriptive operational benchmarks that extend beyond the descriptive scope of directory content. The full how-to-use-this-security-services-resource page should be treated as orientation material, not a substitute for those operational documents.

A structured research workflow integrates this directory at the scoping phase: identify the relevant service category and regulatory framework here, then move to primary sources for requirements verification, and to the Security Services Listings for qualified provider identification within the defined category.