Contact

Application Security Authority serves as a national reference provider network for the application security service sector, covering providers, frameworks, regulatory requirements, and professional qualification standards. This page describes how to reach the editorial and provider network administration office, what information to include in a message, and what response timelines to expect. Inquiries related to provider network providers, factual corrections, and sector-specific research are handled through a single administrative contact point.

What to include in your message

Effective communication with the provider network office depends on the specificity and completeness of the initial message. Vague or incomplete submissions are routed to a general queue and may require follow-up before any action can be taken.

Messages should include the following elements, depending on the inquiry type:

  1. Subject category — Identify the nature of the inquiry: provider submission, factual correction, research inquiry, or regulatory reference question.
  2. Referenced page or provider — Provide the specific URL path or section title of the content in question. For example, a correction to a NIST-aligned framework description should reference the exact page and the specific claim being disputed.
  3. Supporting documentation — For factual corrections, cite the named public source that supports the correction. Acceptable sources include published standards from the National Institute of Standards and Technology (NIST), regulatory guidance from the Federal Trade Commission (FTC) or the Department of Health and Human Services (HHS), or formal publications from standards bodies such as OWASP or ISO.
  4. Organization name and professional role — Provider Network administration gives priority to submissions from named professionals with verifiable organizational affiliations. Anonymous submissions are accepted but processed at lower priority.
  5. Specific request — State explicitly what action is being requested: update a provider, add a citation, remove outdated information, or initiate a new provider review.

Submissions that reference a specific NIST Special Publication (such as NIST SP 800-53 or NIST SP 800-115), a named regulatory body, or a published industry standard are processed faster than general inquiries because automated systems can cross-reference the claim directly without additional research.

Response expectations

The provider network operates as a reference authority, not a real-time helpdesk. Response timelines reflect the editorial workflow required to verify claims against named public sources before any content is modified or added.

Standard factual inquiries: 5 to 7 business days. These include questions about how a specific standard (such as the OWASP Application Security Verification Standard, ASVS) is represented in provider network providers, or requests for clarification on how regulatory frameworks like PCI DSS or HIPAA Security Rule requirements are categorized.

Provider submissions: 10 to 14 business days. New provider requests require verification of the provider's service scope, geographic coverage, and any stated certifications or qualifications (such as CREST accreditation or GIAC certifications). automated systems cross-references publicly available information before approving any new entry.

Factual corrections: 3 to 5 business days if a named source is provided with the initial submission. Corrections without a supporting citation enter a secondary review process and may take up to 15 business days while automated systems independently verifies the disputed claim.

Regulatory or compliance reference questions: The provider network does not provide legal or professional advice. Questions that require legal interpretation of statutes such as the Gramm-Leach-Bliley Act (GLBA) or compliance determinations under HHS HIPAA enforcement guidance are outside the scope of editorial response. The provider network can confirm how a framework or regulation is described in the sector reference materials but cannot advise on applicability to a specific organization's circumstances.

Additional contact options

For structured research or institutional partnerships, the parent network National Cyber Authority maintains editorial coordination functions that span multiple cybersecurity reference domains. Organizations conducting academic research, government procurement research, or industry analysis that spans more than a single provider network property should initiate contact through the network-level administration rather than a single domain's editorial queue.

The Application Security Providers section of this provider network includes provider contact information for firms actively offering application security services. That section is appropriate for service seekers attempting to reach vendors — it is a distinct function from editorial or administrative contact with the provider network itself.

For questions about the scope and purpose of this reference provider network, the page Application Security Provider Network Purpose and Scope provides a structured description of what is and is not covered, including the classification boundaries between web application security, mobile application security, and enterprise AppSec program management.

How to reach this office

Editorial and provider network administration for Application Security Authority is handled through the Authority Network America administrative office.

Primary contact email: [email protected]

Messages sent to this address are triaged by inquiry category. Including a clear subject line that identifies the inquiry type (such as "Provider Submission," "Factual Correction — NIST Reference," or "Research Inquiry") reduces processing time by at least 2 business days relative to messages with generic subject lines.

Correspondence related to OWASP MASVS or ASVS representation, NIST Cybersecurity Framework alignment, FTC enforcement framing, or PCI DSS compliance categorization should reference the specific standard version and section in the subject line or the opening sentence of the message. automated systems maintains working references to current published versions of these documents and can respond more precisely when the version and section are identified at the outset.

Physical mail is not monitored for editorial purposes. All substantive provider network correspondence is handled through the email channel verified above.

Report a Data Error or Correction

Found incorrect information, an outdated fact, or a broken link? Use the form below.

To report a correction or suggest an update:

[email protected]

Please include the page URL and a description of the issue.

For general questions:

[email protected]

📜 1 regulatory citation referenced  ·  🔍 Monitored by ANA Regulatory Watch  ·  View update log

Read Next

Application Security Listings ANA › Professional Services Authority › Application Security Authority › Application Security Providers Application Security... Injection Attack Prevention ANA › Professional Services Authority › National Cyber Authority › Application Security Authority Injection Attack Prevention... Application Security Training and Resources ANA › Professional Services Authority › Application Security Authority › Application Security Training and Resources...