Contact

The Identity Security Authority provider network serves professionals, researchers, and organizations navigating the US identity security service sector — including practitioners working across authentication frameworks, access governance, privileged access management, and identity lifecycle compliance. This page describes how to reach the editorial office, what service area the provider network covers, and how to structure an inquiry to receive a substantive response.

Additional contact options

The provider network maintains a single primary intake channel for all external correspondence. Inquiries submitted outside that channel — including social media messages, third-party contact aggregators, or automated vendor outreach platforms — are not monitored and will not receive responses. This policy applies uniformly to provider inquiries, editorial corrections, and research requests.

For regulatory compliance matters, practitioners should direct substantive legal and technical questions to the relevant governing bodies rather than to provider network editorial staff. The primary federal agencies with jurisdiction over identity security practice areas include the Cybersecurity and Infrastructure Security Agency (CISA), the National Institute of Standards and Technology (NIST), and the Federal Trade Commission (FTC) for consumer-facing identity protection obligations. None of those agencies route inquiries through third-party directories.

For framework-specific technical standards, NIST Special Publication 800-63 (Digital Identity Guidelines) defines the authoritative US federal baseline for identity assurance levels across three tiers: IAL (Identity Assurance Level), AAL (Authenticator Assurance Level), and FAL (Federation Assurance Level). Inquiries about how a specific deployment maps to those tiers should be directed to the organization's internal compliance function or a licensed information security professional.

How to reach this office

The editorial office handles four discrete inquiry types, each subject to different handling timelines:

  1. Provider submission requests — Requests to add a publicly documented framework, agency, certification body, or practice category to the provider network. Submissions must include the public source URL, the relevant identity security subdomain (e.g., privileged access management, federated identity, identity governance and administration), and a description of why the resource meets provider network scope criteria as defined at Identity Security Providers.

  2. Editorial correction requests — Notices of factual inaccuracy in existing provider network content. Corrections referencing a specific named public source — such as a NIST publication, an eCFR citation, or a CISA advisory — receive priority handling over general feedback.

  3. Scope and purpose inquiries — Questions about what the provider network covers and where its jurisdiction ends. The page addresses the most common boundary questions before an inquiry is necessary.

  4. Research and media requests — Requests for provider network data, sector structure descriptions, or background information for publication. Research inquiries must identify the requesting organization and the intended publication context.

Response timelines differ across inquiry types. Editorial corrections referencing a primary source are typically resolved as processing allows. Provider submissions undergo a scope assessment against the provider network's coverage criteria before any response is issued.

Service area covered

The Identity Security Authority provider network operates at national scope within the United States. Coverage is structured around the federal regulatory and standards architecture governing identity security, not geographic distribution of service providers.

The provider network's subject matter encompasses identity and access management (IAM) frameworks, authentication and authorization standards, privileged access management (PAM) practice categories, identity governance and administration (IGA) structures, and the regulatory obligations that attach to identity systems under statutes including the Federal Information Security Modernization Act (FISMA) and sector-specific rules such as the HIPAA Security Rule and the FTC Safeguards Rule (16 C.F.R. Part 314).

State-level variation in identity-related breach notification law exists across all 50 US states but is not resolved within this network. Primary state-level obligations can be located through the National Conference of State Legislatures (NCSL) security breach notification law tracker.

The provider network does not cover non-US jurisdictions. Organizations operating under the European Union's identity and data governance frameworks — including the eIDAS Regulation (EU) No 910/2014 — should consult resources maintained within that regulatory perimeter.

What to include in your message

Incomplete inquiries delay or prevent substantive responses. Every message submitted to the editorial office should include the following 5 elements:

  1. Inquiry type — One of the four categories verified in the section above (provider submission, editorial correction, scope inquiry, or research/media request).
  2. Subject matter specificity — The identity security subdomain the inquiry concerns. Generic messages referencing "cybersecurity" without naming a practice area (e.g., zero-trust architecture, non-human identity governance, federated authentication) are deprioritized.
  3. Source reference — For provider and correction requests, the full URL or citation of the public source document being referenced (e.g., a NIST SP, a CISA advisory number, a CFR section).
  4. Organizational context — The type of organization submitting the inquiry: practitioner firm, academic institution, government agency, standards body, or independent researcher.
  5. Specific question or action requested — A plain statement of what response or outcome is expected. Messages that do not specify a requested action are treated as general feedback and are not assigned to an editor.

Messages that omit the source reference field for correction and provider requests will be returned without editorial review. The provider network's accuracy depends on traceable citations to named public documents — unsourced claims, vendor-originated characterizations, and undocumented assertions fall outside the scope of what the editorial process can evaluate.

Report a Data Error or Correction

Found incorrect information, an outdated fact, or a broken link? Use the form below.

Interested in becoming a verified provider?

[email protected]

Include your business name, location, and services offered.

 ·   · 

References

Read Next

Identity Security Listings ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Security Authority Identity Security Providers The identity security... Identity Security Directory: Purpose and Scope ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Security Authority Identity Security Network: Purpose and Scope The... Identity and Access Management (IAM) Explained ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Security Authority Identity and Access Management (IAM) Explained...