Contact

The National Online Safety Authority maintains this contact channel for service seekers, cybersecurity professionals, researchers, and organizations navigating the online safety services sector. Inquiries may concern directory listings, professional category classifications, regulatory references, or corrections to published information. The sections below describe what to include in a message, how responses are structured, and how to reach this office directly.

What to include in your message

Effective inquiries reach resolution faster when they arrive with sufficient context. The nature of a message determines which operational category handles it — and the cybersecurity services sector, governed by frameworks including NIST SP 800-53 (Rev. 5) and the FTC's data security guidance, encompasses distinct service categories that require different types of follow-up.

A well-structured message should include the following elements:

1. Full name and organizational affiliation — Individual professionals, firms, and institutional researchers are handled through separate intake processes.
2. Inquiry category — Classify the message as one of the following: listing submission or correction, regulatory reference question, directory scope question, professional classification dispute, or general information request.
3. Service vertical or specialty area — The cybersecurity services sector spans at least 12 recognized specializations, including incident response, penetration testing, managed security services (MSSP), identity and access management (IAM), and compliance consulting. Naming the relevant area accelerates routing.
4. Relevant jurisdiction or regulatory context — Federal frameworks (such as CISA guidance or NIST Cybersecurity Framework 2.0) apply broadly; state-level requirements under statutes like the California Consumer Privacy Act (CCPA) or New York's SHIELD Act may also be relevant to a specific inquiry.
5. Supporting documentation or URL — For listing corrections or professional classification disputes, attaching or linking to verifiable public-record documentation reduces processing time.
6. Preferred response format — Specify whether a written response, a referral to a published reference, or a callback is preferred.

Inquiries that arrive without an inquiry category or organizational context are deprioritized relative to complete submissions.

Response expectations

This office operates as a public-service reference channel, not a legal, compliance, or technical advisory service. Responses address directory operations, classification structures, and published regulatory references — not individualized professional guidance.

Standard response time for categorized inquiries is 3–5 business days. Inquiries requiring internal review — such as disputed classifications or requests involving multiple regulatory frameworks — may take up to 10 business days.

The distinction between inquiry types matters for setting expectations:

• Listing and classification inquiries — Reviewed against the directory's published scope criteria and existing service category taxonomy. Outcomes include approval, rejection with explanation, or a request for additional documentation.
• Regulatory reference inquiries — Directed to named public sources. The office does not interpret statutes or render compliance opinions; it identifies the relevant agency, standard, or published code. For cybersecurity-specific regulatory matters, primary sources include CISA, NIST CSRC, the FTC Bureau of Consumer Protection, and the HHS Office for Civil Rights for healthcare-adjacent providers.
• General information requests — Addressed with a reference to the most relevant published page within this directory. The Online Safety Listings and Directory Purpose and Scope pages resolve the majority of general questions without requiring direct communication.

Bulk or automated inquiries receive no response. Messages containing requests for individualized legal or cybersecurity advice are not addressed and will not be forwarded to third parties.

Additional contact options

For inquiries that do not require a direct message, the directory's published reference pages address the most common informational needs:

• The Directory Purpose and Scope page defines the classification boundaries, covered service categories, and geographic scope of this resource.
• The How to Use This Online Safety Resource page covers navigation, listing interpretation, and how professional categories are structured.
• The Online Safety Listings page is the primary access point for finding categorized cybersecurity service providers by specialty and jurisdiction.

Organizations seeking to understand listing eligibility — including whether a firm meets the operational criteria under frameworks like ISO/IEC 27001 or holds relevant certifications such as CompTIA Security+ or CISSP (issued by ISC²) — should consult the scope page before submitting a direct inquiry.

How to reach this office

Direct correspondence is handled through the primary contact address for the National Online Safety Authority:

Email: eli.rosales@authoritynetworkamerica.com

Messages should follow the structured format described in the first section of this page. Include the inquiry category in the subject line to ensure correct routing. Submissions without a subject line or inquiry category are processed last in queue order.

This office does not maintain a public telephone number or physical mailing address for general inquiries. All operational correspondence is conducted via email. For time-sensitive matters involving active cybersecurity incidents, the appropriate channel is CISA's 24/7 reporting line — not this directory's contact address, which is administrative in function and does not provide emergency response services.