Contact
Encryption Authority serves as a structured reference directory for the encryption and cryptographic services sector in the United States. This page documents the contact channels available for directory inquiries, listing corrections, and sector research requests. All communications are handled in accordance with the scope defined in the Cybersecurity Directory Purpose and Scope reference. Readers submitting inquiries should review the submission guidelines below to ensure requests are routed appropriately and addressed efficiently.
Additional contact options
Beyond direct messaging, the directory supports structured engagement through three primary channels, each designed for a distinct inquiry type.
1. Directory Listing Inquiries
Organizations operating in the encryption services sector — including certificate authorities, hardware security module vendors, key management platform providers, and cryptographic consultancies — may submit listing requests or corrections through the primary contact form. Listings are evaluated against publicly verifiable service credentials, including alignment with NIST Cryptographic Guidelines and applicable FIPS 140 Encryption Standards certifications administered by the National Institute of Standards and Technology (NIST) under the Cryptographic Module Validation Program (CMVP).
2. Editorial and Research Requests
Researchers, journalists, and policy analysts seeking factual clarifications on directory classifications or sector coverage may submit editorial inquiries. Requests should specify the reference page in question — for example, Public Key Infrastructure or Certificate Authorities in the US — and identify the specific factual point requiring clarification.
3. Regulatory and Compliance Reference Requests
Professionals navigating compliance frameworks — such as HIPAA Encryption Requirements enforced by the U.S. Department of Health and Human Services (HHS), or PCI DSS Encryption Requirements governed by the Payment Card Industry Security Standards Council — may request clarification on how directory categories align with regulatory classifications. These requests do not constitute legal or compliance advice; the directory provides structural reference only.
How to reach this office
The primary contact mechanism is the web-based inquiry form hosted on this domain. The form routes submissions to the appropriate internal queue based on inquiry type. Response timelines vary by category:
- Directory listing corrections: Reviewed within 5 business days of receipt.
- Editorial and research requests: Acknowledged within 3 business days; substantive response within 10 business days depending on complexity.
- Regulatory reference requests: Routed to the compliance reference team; standard response window is 7 business days.
All submissions are logged with a timestamp and inquiry classification code. Incomplete submissions — those lacking a named organization, a specific reference point, or a verifiable contact address — are held pending follow-up rather than discarded. Encryption Authority does not operate a public telephone line. Written communication through the form is the sole supported channel, consistent with the directory's function as a reference-grade written resource rather than an advisory service.
Service area covered
Encryption Authority maintains national scope across the United States, covering all 50 states and U.S. territories where federal encryption regulations apply. The directory's geographic boundaries align with the jurisdictional reach of the primary regulatory bodies that govern cryptographic services domestically.
Federal frameworks with national applicability indexed in this directory include:
- NIST SP 800-series guidelines — including SP 800-57 (key management) and SP 800-131A (transitioning cryptographic algorithms), published by NIST at csrc.nist.gov
- Federal Information Processing Standards (FIPS) — particularly FIPS 140-2 and FIPS 140-3, the benchmarks for cryptographic module validation used across federal agencies
- Export Administration Regulations (EAR) — administered by the Bureau of Industry and Security (BIS), which govern U.S. Export Controls on Encryption for products leaving domestic jurisdiction
The directory does not extend to international regulatory frameworks such as the EU's eIDAS regulation or ISO/IEC 27001 except where those frameworks intersect with U.S.-based service providers. Sector coverage spans both technical domains — including Post-Quantum Cryptography, Hardware Security Modules, and Encryption Key Management — and compliance-adjacent categories such as Tokenization vs. Encryption and Data Encryption at Rest.
What to include in your message
Submissions that include complete identifying information are processed faster and with greater accuracy. The following breakdown defines required and supplemental fields by inquiry type.
For directory listing requests or corrections:
1. Organization legal name and primary business address
2. Specific listing or page URL in question (e.g., Cybersecurity Listings)
3. Nature of the correction — factual error, outdated information, or missing entry
4. Supporting documentation reference, such as a CMVP certificate number issued by NIST or a published compliance attestation
For editorial and research requests:
1. Institutional affiliation (publication, academic institution, or agency name)
2. Specific reference page or section being queried
3. Nature of the factual question — classification boundary, source citation, or definitional scope
4. Deadline, if the request is time-sensitive
For regulatory and compliance reference requests:
1. The regulatory framework at issue — for example, HIPAA (45 CFR Part 164), PCI DSS v4.0, or FIPS 140-3
2. The directory category or page relevant to the inquiry
3. A description of the structural question, distinct from any request for legal interpretation
Submissions that conflate advisory requests with reference requests will be redirected. The directory does not render opinions on specific compliance postures, vendor selection decisions, or legal interpretability of statutory language. The Glossary of Encryption Terms and Encryption Compliance: US Regulations pages serve as the primary self-service reference points before submitting a regulatory inquiry.