How to Use This Online Safety Resource

The online safety service sector in the United States spans dozens of overlapping professional categories, regulatory frameworks, and technical standards — from FTC-regulated identity protection services to CISA-coordinated incident response providers. This page describes how the Online Safety Listings directory is structured, what professional and regulatory criteria are applied to listings, and how to interpret the information presented across the site. Researchers, practitioners, and service seekers navigating this sector will find that understanding the directory's organizational logic significantly reduces the time required to locate qualified, relevant providers.

How to navigate

The directory is organized around service categories rather than individual provider names. The top-level taxonomy separates providers into functional verticals — identity monitoring, parental controls and content filtering, endpoint and device protection, privacy compliance services, and incident response — reflecting the classification schema used by NIST's National Cybersecurity Framework (CSF), which defines five core functions: Identify, Protect, Detect, Respond, and Recover (NIST CSF).

Navigation follows a three-level structure:

1. Sector category — The broadest classification (e.g., consumer-facing safety tools vs. enterprise compliance services).
2. Service type — The functional subcategory within a sector (e.g., DNS filtering vs. full-stack endpoint protection).
3. Provider listing — The individual organization, tool, or service entry, including credential indicators and regulatory alignment notes.

Each listing page links back to its parent category, allowing lateral comparison between providers operating in the same service type. The Online Safety Directory Purpose and Scope page provides additional context on which sectors are covered and which fall outside this directory's mandate.

What to look for first

Before selecting or evaluating a provider from any listing, the first reference point should be the regulatory alignment indicator attached to each entry. The US online safety sector is governed by a patchwork of overlapping regulatory regimes:

• COPPA (Children's Online Privacy Protection Act, 15 U.S.C. §6501–6506), enforced by the FTC, governs services directed at children under 13 — a distinction that separates family safety tools from general consumer privacy products (FTC COPPA guidance).
• HIPAA applies where online safety services intersect with health data, including mental health monitoring apps or telehealth-adjacent parental control platforms.
• CISA directives apply to critical infrastructure operators and federal contractors, a category distinct from consumer-grade providers (CISA).

A provider that holds FedRAMP authorization, for example, operates under a substantially different compliance burden than a consumer app that only self-certifies COPPA compliance. These distinctions are noted in the credential section of each listing. The credential section is the fastest way to establish whether a listed provider meets a specific regulatory threshold before reviewing any other details.

How information is organized

Each listing entry within the Online Safety Listings directory follows a standardized record format. The fields are:

1. Provider name and category — Primary classification and the service type node it occupies.
2. Regulatory alignment — Named frameworks or statutes the provider claims conformance with (e.g., NIST SP 800-53, SOC 2 Type II, ISO/IEC 27001).
3. Service scope — Geographic reach, deployment model (cloud, on-premise, hybrid), and target user segment (consumer, SMB, enterprise, government).
4. Credential indicators — Third-party certifications, audit reports, or agency authorizations that have been independently verified.
5. Contact and intake information — Routing details for service inquiries.

The distinction between credential indicators and regulatory alignment is intentional. Regulatory alignment indicates which frameworks a provider references; credential indicators reflect externally verified attestations. A provider may align to NIST CSF without holding any third-party certification — that gap is structurally surfaced in the record format.

Listings are separated into two tiers: verified entries, which have submitted documentation supporting at least one credential indicator, and unverified entries, which are included for directory completeness but carry no independent attestation. Readers comparing providers across a single service type should filter by verification status before drawing equivalence between entries.

Limitations and scope

This directory covers online safety service providers operating within the United States at the national scale. It does not catalog state-specific consumer protection offices, local nonprofit digital literacy programs, or academic research institutions, even where those entities publish publicly available safety tools. State attorneys general offices — which hold independent enforcement authority under statutes like California's CCPA or Illinois' BIPA — are referenced in regulatory context but are not listed as providers.

The directory also does not adjudicate disputes between listed providers, assess the accuracy of self-reported compliance claims beyond the credential indicator framework, or provide legal or professional licensing determinations. The Federal Trade Commission's Bureau of Consumer Protection (FTC BCP) and the Cybersecurity and Infrastructure Security Agency remain the authoritative regulatory bodies for enforcement actions and sector-wide guidance respectively.

Entries are reviewed on a rolling basis; the absence of a provider from the directory does not constitute a finding against that provider, and inclusion does not constitute endorsement. For questions about the directory's editorial scope and inclusion criteria, the Online Safety Directory Purpose and Scope page contains the full methodology used to assess and classify entries.