Contact

The National Cyber Safety Authority maintains this contact page as the primary point of coordination for provider network inquiries, provider submissions, research requests, and corrections to published information. The scope of this reference covers the United States cybersecurity services sector, and correspondence is directed accordingly. Accurate, complete initial contact reduces response cycles and ensures inquiries are routed to the appropriate review function.

How to reach this office

Correspondence directed to the National Cyber Safety Authority is handled through a structured intake process consistent with public-sector reference operations in the cybersecurity vertical. This is a provider network and reference resource, not a government regulatory body. For matters involving regulatory enforcement, reporting obligations, or statutory compliance, the appropriate agencies include the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Trade Commission (FTC), and the Department of Homeland Security (DHS), each of which maintains dedicated public reporting portals.

Primary contact is handled via the administrative email on record for this domain. Written correspondence should identify the nature of the request in the subject line using one of the 4 recognized request categories: provider submission, provider correction, research inquiry, or operational feedback. Requests that do not conform to a recognized category are triaged under general inquiry and may experience longer handling times.

This resource does not provide legal counsel, cybersecurity incident response, or regulatory compliance advice. Inquiries requiring those services should be directed to licensed professionals or the relevant public agencies named above.

Service area covered

The National Cyber Safety Authority operates at national scope within the United States, covering cybersecurity services, cyber safety programs, and digital threat mitigation resources across all 50 states and the District of Columbia. The provider network covers service providers operating in both the public and private sectors, including firms and practitioners credentialed under recognized frameworks such as NIST SP 800-181 (the NICE Cybersecurity Workforce Framework) and organizations registered with CISA's National Critical Infrastructure programs.

The geographic coverage does not extend to international providers or cross-border service providers unless the provider maintains a verified US-based operational presence and holds credentials recognized under US standards. The distinction between a US-registered provider and a US-operational provider is material to provider eligibility: registration alone without demonstrable US service delivery does not satisfy provider network inclusion criteria.

Inquiries from researchers, journalists, and policy analysts working on topics within the US cybersecurity sector are within scope and are handled under the research inquiry category.

What to include in your message

Complete and structured messages accelerate routing and reduce unnecessary back-and-forth. The following breakdown defines the minimum required information by request type:

1. Provider submission requests: Full legal business name, primary US state of operation, service category (referencing the taxonomy used in the Cyber Safety Providers section), relevant professional credentials or certifications (e.g., CISSP, CISA, SOC 2 Type II attestation), and a verifiable point of contact for the verified entity.

2. Provider correction requests: The exact provider name as it appears in the network, the specific field or fields requiring correction, the corrected information with supporting documentation where applicable, and the submitter's relationship to the verified entity (owner, authorized representative, or third-party researcher).

3. Research inquiries: Institutional or organizational affiliation, a brief description of the research scope, the specific data or provider network categories relevant to the inquiry, and the intended use or publication context.

4. Operational feedback: A description of the issue encountered, the specific page or provider affected (URL or provider name), and browser/platform information if the feedback involves a technical display error.

Messages lacking the fields appropriate to their category are returned for completion before review begins. This policy is consistent with intake standards used by public reference bodies to maintain queue efficiency. CISA's own public inquiry processes similarly require structured submission fields for cybersecurity incident and vulnerability reports.

Response expectations

Response timelines depend on inquiry category and completeness of the initial submission. The following represents standard handling windows under normal queue conditions:

• Provider corrections: Acknowledged as processing allows; resolution as processing allows, contingent on verification of submitted documentation.
• Provider submissions: Acknowledged as processing allows; eligibility determination as processing allows. Submissions requiring third-party credential verification may extend to 30 business days.
• Research inquiries: Acknowledged as processing allows; substantive response dependent on scope and available data, typically 14–30 business days.
• Operational feedback: Acknowledged as processing allows; technical issues escalated internally on a priority basis with no guaranteed public response timeline.

These windows are not contractual commitments. Volume periods — such as those following major public cybersecurity events or policy announcements from bodies like CISA or the National Institute of Standards and Technology (NIST) — can extend all categories by up to 10 additional business days.

The National Cyber Safety Authority does not guarantee provider inclusion for any submitted entity. Provider Network providers are subject to editorial review, eligibility assessment against published criteria, and periodic re-verification. Entities seeking to understand the scope and purpose of the provider network prior to submission may consult the page for the governing framework and inclusion standards.

Correspondence that constitutes legal notice, demand, or formal complaint should be addressed in writing to the parent network's administrative contact. This provider network resource does not accept service of process through the general inquiry channel.