Contact

The Data Security Authority provider network serves practitioners, compliance professionals, procurement specialists, and researchers navigating the US data security service sector. This page describes how to reach the provider network's administrative office, the geographic and subject-matter scope of queries handled, what information to include when submitting a message, and what timeline to expect for a response.

How to reach this office

The Data Security Authority operates as a reference-grade provider network within the cybersecurity vertical, organized under the national scope of US data protection practice. Administrative inquiries, provider submissions, correction requests, and research inquiries are routed through the site's contact form. No telephone line is maintained for general public contact; written submissions through the form create a documented record and allow for accurate routing to the appropriate subject-matter area.

Correction requests related to regulatory citations — including references to statutes such as HIPAA under 45 CFR Part 164 (eCFR), FISMA under 44 U.S.C. § 3551 et seq., or technical standards published by NIST (csrc.nist.gov) — should identify the page URL, the specific claim in dispute, and the authoritative source supporting the correction. Submissions lacking this structure are deprioritized in the review process.

Service area covered

The provider network covers the data security service sector across all 50 US states and the District of Columbia. The national scope means providers, regulatory references, and professional category entries are not filtered by geography at the state level, though individual providers may specify state-licensed jurisdictions where relevant.

Subject-matter scope spans 4 primary domains:

  1. Regulatory compliance obligations — including sector-specific frameworks such as HIPAA (healthcare), GLBA (financial services), CCPA (California consumer data), and FISMA (federal information systems)
  2. Technical control frameworks — including NIST SP 800-53 Rev. 5, NIST SP 800-171 Rev. 2, and ISO/IEC 27001
  3. Professional service categories — audit firms, managed security service providers, compliance consultancies, and credentialed individual practitioners
  4. Provider Network structure and taxonomy — how providers are organized, classified, and maintained within the Data Security Providers section

Inquiries outside these 4 domains — including requests for legal advice, regulatory interpretation, or vendor recommendations — fall outside the provider network's scope and will not be addressed. The distinction between a compliance obligation and a technical control is structural to the provider network's architecture; queries that conflate the two may be returned for clarification before routing proceeds.

The provider network does not cover non-US regulatory regimes as primary subject matter. Cross-border frameworks such as the EU General Data Protection Regulation (GDPR — EUR-Lex) and the CLOUD Act under 18 U.S.C. § 2713 appear in reference context where they intersect with US organizational obligations, but the provider network does not serve as an international data law resource.

What to include in your message

Message quality directly determines routing speed. A submission lacking basic identifying information will be held pending follow-up, adding 3 to 5 business days to the resolution timeline.

Structured submissions should include the following elements:

  1. Inquiry type — choose one: provider submission, provider correction, editorial correction, research inquiry, or administrative matter
  2. Organization name (if applicable) — for provider submissions, the legal or trade name of the entity to be verified
  3. Subject-matter domain — identify which of the 4 subject-matter areas the inquiry relates to (regulatory compliance, technical controls, professional services, or provider network taxonomy)
  4. Specific page reference — for corrections or disputes, the full URL of the affected page
  5. Supporting source — for factual corrections, cite the named public source (e.g., NIST publication number, statute citation, agency guidance document title)
  6. Contact email — a valid address to which a response can be directed; submissions without a reply address are processed as anonymous and receive no individual response

Provider submissions are held to the same factual standard as editorial content. Claims about professional credentials, regulatory authorizations, or technical certifications must be supportable by reference to a named credentialing body — for example, the International Information System Security Certification Consortium (ISC²) for CISSP designation, or the PCI Security Standards Council for PCI DSS compliance assessments.

Response expectations

The administrative queue operates on a 5 business day standard for initial acknowledgment. Complex submissions — including disputed regulatory citations, multi-entry provider revisions, or inquiries requiring cross-reference against published federal standards — may require up to 15 business days for substantive response.

Two response tracks apply depending on inquiry type:

Track A — Routine administrative matters (provider submissions, contact updates, basic corrections): acknowledgment as processing allows, resolution communicated as processing allows.

Track B — Editorial and regulatory disputes (challenges to cited statutes, framework references, or taxonomy classifications): acknowledgment as processing allows, substantive review as processing allows. Track B responses reference the specific authoritative source used in the editorial decision — such as a NIST Special Publication, a CFR section, or an agency guidance document published by bodies including the FTC (ftc.gov), HHS Office for Civil Rights (hhs.gov), or the NYDFS (dfs.ny.gov).

Anonymous submissions — those lacking a reply address — are reviewed for editorial merit but receive no individual response. Where an anonymous correction is determined to be accurate, the relevant page is updated without attribution. The provider network's editorial standard does not distinguish between submissions from industry professionals and those from general researchers; factual accuracy is assessed against named public sources regardless of the submitter's stated credentials.

Report a Data Error or Correction

Found incorrect information, an outdated fact, or a broken link? Use the form below.

To report a correction or suggest an update:

[email protected]

Please include the page URL and a description of the issue.

For general questions:

[email protected]

 ·   · 

References

Read Next

Data Security Listings ANA › Professional Services Authority Authority › National Cyber Authority Authority › Data Security Authority Data Security Providers The providers published through... How to Get Help for Data Security ANA › Professional Services Authority Authority › National Cyber Authority Authority › Data Security Authority How to Get Help for Data Security Data security... Data Security Directory: Purpose and Scope ANA › Professional Services Authority Authority › National Cyber Authority Authority › Data Security Authority Data Security Network: Purpose and Scope The...