Cybersecurity Directory: Purpose and Scope

The National Identity Theft Authority cybersecurity directory functions as a structured reference index for professionals, researchers, and service seekers navigating the identity theft protection and cybersecurity service landscape in the United States. This page defines the directory's organizational boundaries, explains how listings are classified, and distinguishes this resource from adjacent content within the broader network. Understanding the scope prevents misuse of the directory and supports accurate interpretation of the services, tools, and organizations catalogued within it.

What the directory does not cover

The directory is a service-sector reference, not a legal database, treatment protocol, or law enforcement portal. Certain categories fall outside its scope by design.

Categories explicitly excluded:

  1. Pending litigation and active investigations — Law enforcement case files, ongoing FTC enforcement actions, and pending state attorney general proceedings are not catalogued here. The FTC maintains its own enforcement database at ftc.gov/enforcement.
  2. Private insurance products as primary listings — Identity theft insurance riders and standalone policies are addressed as a reference topic at Identity Theft Insurance Reference, but individual insurance carrier products are not rated, ranked, or compared in directory listings.
  3. Non-US jurisdictions — The directory operates at national scope within the United States. International cybersecurity frameworks — including GDPR-governed entities in the EU and PIPEDA-governed organizations in Canada — fall outside the listing criteria.
  4. Academic or theoretical research — research-based studies, university cybersecurity programs, and research consortia are not listed as service providers unless they operate consumer-facing services within a US regulatory context.
  5. Credit repair services not related to identity fraud — General credit score improvement services that do not intersect with identity theft recovery, as defined under the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.), are excluded.

The directory also does not provide attorney referrals, financial advice, or medical guidance. Professionals listed under relevant categories operate within their own licensing jurisdictions and regulatory frameworks.

Relationship to other network resources

The directory operates as one component within a layered reference structure. It is distinct from the editorial and explanatory content found elsewhere in the network, which addresses topics such as Data Breach and Identity Theft, Phishing and Identity Theft, and the mechanics of Synthetic Identity Theft.

The distinction is structural: editorial pages describe problems, mechanisms, and regulatory frameworks. Directory listings catalogue actual organizations, tools, and service providers operating within those frameworks.

Cross-references between the two content types are intentional. A researcher reading about Dark Web and Stolen Identity Data may be directed to relevant monitoring tool listings within this directory. A professional consulting Consumer Rights Under FCRA may cross-reference dispute service providers listed here. The two content types reinforce each other without duplicating function.

The directory also does not replicate government agency portals. Agencies such as the Federal Trade Commission, the Consumer Financial Protection Bureau (CFPB), the Social Security Administration (SSA), and the Internal Revenue Service (IRS) maintain their own public-facing resources. This directory provides contextual references to those agencies — for example, directing users toward IdentityTheft.gov Explained or the IRS Identity Protection PIN Guide — but does not mirror or compete with official government infrastructure.

How to interpret listings

Directory listings follow a consistent classification schema organized by service type, regulatory context, and operational scope.

Listing classification dimensions:

  1. Service category — Each listing is assigned to one of the primary service categories: identity monitoring, credit bureau dispute services, fraud alert and freeze facilitation, recovery assistance, legal services (identity fraud–specific), law enforcement liaison resources, or federal/state agency contacts.
  2. Regulatory alignment — Listings note the primary regulatory body governing the listed entity. For credit reporting–adjacent services, this is typically the CFPB under the FCRA. For tax-related identity fraud services, the IRS and Treasury Inspector General for Tax Administration (TIGTA) are the governing bodies. For law enforcement–linked resources, applicable jurisdiction (federal, state, or local) is noted.
  3. Operational scope — Listings indicate whether the service operates nationally, in a defined subset of states, or exclusively in a single jurisdiction. The Identity Theft by State reference page provides jurisdictional context for state-specific services.
  4. Consumer vs. professional orientation — Listings distinguish between services designed for individual consumers (such as credit freeze facilitation tools) and those intended for attorneys, compliance officers, financial institutions, or law enforcement professionals.
  5. Nonprofit vs. commercial status — Listings note organizational type. The Identity Theft Resource Center (ITRC), for example, is a nonprofit operating under a distinct service model from commercially licensed identity protection platforms. Both are catalogued, with classification clearly noted.

Listings do not constitute endorsements. Inclusion in the directory indicates that an organization or tool meets the classification criteria for a given service category and operates within a recognized US regulatory framework — not that its services are superior to alternatives.

Purpose of this directory

The directory addresses a structural gap in the identity theft service landscape: the absence of a neutral, classification-based index that maps the full range of service providers, tools, federal resources, and professional categories without commercial ranking incentives.

Identity theft affects an estimated 1 in 3 Americans over their lifetime, according to the Identity Theft Statistics US reference compiled from Federal Trade Commission Consumer Sentinel Network data. The service sector responding to that scale of harm is fragmented across federal agencies, state regulators, nonprofit organizations, and private vendors — each operating under different authorities and serving different aspects of recovery.

The directory organizes this landscape by applying consistent classification standards drawn from named regulatory frameworks: the FCRA, the Identity Theft Enforcement and Restitution Act (18 U.S.C. § 1028), FTC guidance, and NIST Cybersecurity Framework categories. It provides a reference structure that supports Identity Theft Victim Recovery Roadmap navigation, professional research into the Federal Agencies Identity Theft Oversight ecosystem, and practitioner access to the Identity Theft Assistance Organizations sector without requiring the user to parse commercial marketing materials to determine service scope. The cybersecurity listings themselves are maintained against these classification standards to ensure structural consistency across the directory's full scope.

📜 4 regulatory citations referenced  ·  🔍 Monitored by ANA Regulatory Watch  ·  View update log

Explore This Site

Regulations & Safety Regulatory References
Topics (48)
Tools & Calculators Password Strength Calculator