Online Safety Directory: Purpose and Scope

The National Online Safety Authority maintains a structured directory of professionals, services, and organizations operating within the United States cybersecurity and online safety sector. This page establishes the scope, classification logic, and intended use of that directory — serving researchers, procurement officers, compliance teams, and individuals navigating a complex professional landscape. Understanding how the directory is organized is essential to extracting accurate, actionable information from its listings.

Relationship to Other Network Resources

The directory hosted at this domain functions as a sector-specific reference layer within a broader national cybersecurity reference network. It is distinct from editorial or explanatory content; it does not provide instructional material or procedural guidance. For context on how to navigate and apply the tools available across this network, the How to Use This Online Safety Resource page provides a structured orientation to the full scope of available reference assets.

The parent reference network focuses on cybersecurity as a regulated professional vertical, and this directory specifically addresses the online safety segment — a subset encompassing consumer-facing digital protection services, platform safety compliance, and practitioner-level internet security services. That scope differs meaningfully from adjacent directories covering infrastructure security or enterprise network defense, which operate under different licensing and regulatory frameworks, including those codified under NIST SP 800-53 and the FTC Act, 15 U.S.C. § 45.

How to Interpret Listings

Each listing within the Online Safety Listings index represents a discrete professional entity — a firm, practitioner, or certified service provider — that has been classified according to documented service category and applicable qualification standard. Listings are not endorsements. Inclusion reflects categorization against defined sector criteria, not a quality judgment or referral.

Interpreting a listing accurately requires attention to three structural fields:

1. Service Category — The functional domain of the listed entity, drawn from one of the classification types described in the "What Is Included" section below. Categories are mutually exclusive at the primary classification level; a firm providing both parental-control software and corporate endpoint security will carry a primary designation and a secondary designation.
2. Qualification Indicator — The professional credential, certification, or regulatory authorization under which the entity operates. Examples include Certified Information Systems Security Professional (CISSP) issued by (ISC)², CompTIA Security+, or state-level registration for consumer privacy services under frameworks such as the California Consumer Privacy Act (CCPA), Cal. Civ. Code § 1798.100.
3. Regulatory Scope — The jurisdiction and applicable federal or state regulatory body. Federal-level entries may reference oversight by the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency (CISA), or sector-specific regulators such as the FCC under 47 U.S.C. § 151 for telecommunications-adjacent services.

A listing without a qualification indicator denotes a service category where formal licensure is not federally mandated, but does not imply the entity is unregulated.

Purpose of This Directory

The directory exists to map the professional landscape of online safety services operating within US national scope. The online safety sector is fragmented across at least 4 distinct federal regulatory regimes — FTC consumer protection authority, CIPA compliance for school and library contexts (20 U.S.C. § 9134), COPPA enforcement for child-directed platforms (16 C.F.R. Part 312), and CISA's voluntary framework for critical digital infrastructure — without a single unified licensing or registration body.

That regulatory fragmentation creates a practical identification problem for procurement officers, legal teams, and individual consumers: there is no single federal registry of qualified online safety practitioners. This directory addresses that gap by aggregating classified, sourced information about service providers operating within named regulatory frameworks, enabling comparison across provider types and qualification levels.

The Online Safety Directory: Purpose and Scope reference framework is designed to remain stable across regulatory updates; individual listings are updated as qualification standards or regulatory designations change.

What Is Included

The directory covers professional entities operating in the following 5 primary classification categories within the online safety vertical:

1. Consumer Digital Protection Services — Providers of antivirus, VPN, identity monitoring, and parental control products regulated at the federal level primarily under FTC authority and, for child-directed applications, COPPA (16 C.F.R. Part 312).
2. Platform Safety Compliance Firms — Organizations offering audit, consulting, or technical services to digital platforms subject to online safety obligations, including those arising from Section 230 of the Communications Decency Act (47 U.S.C. § 230) and evolving state-level platform accountability statutes.
3. School and Library Internet Safety Specialists — Service providers operating under Children's Internet Protection Act (CIPA) compliance mandates, primarily serving institutions that receive E-Rate funding administered by the FCC.
4. Child Online Safety Practitioners — Credentialed professionals providing direct services related to child digital safety, often operating under COPPA compliance frameworks and referencing guidance published by the National Center for Missing and Exploited Children (NCMEC).
5. Cybersecurity Awareness Training Providers — Organizations delivering workforce or consumer-facing security education, frequently benchmarked against NIST's National Initiative for Cybersecurity Education (NICE) Workforce Framework (NIST SP 800-181r1).

The directory does not include general IT support firms, managed security service providers (MSSPs) without a documented consumer-safety or online-safety service line, or individual freelance practitioners who have not demonstrated alignment with at least one named professional certification or regulatory compliance framework. That boundary is consistent with the scope delineation maintained by the parent network at nationalcyberauthority.com.