Cybersecurity Directory: Purpose and Scope

The identityprotectionauthority.com cybersecurity directory organizes publicly available information about identity theft categories, consumer protection frameworks, regulatory bodies, monitoring services, and recovery processes relevant to individuals and professionals operating within the United States. This page defines what the directory covers, how listings are structured, the standards applied for inclusion, and how the directory is maintained over time. These boundaries clarify where this resource is authoritative and where readers must consult licensed legal or financial professionals.

Geographic coverage

This directory operates at national scope within the United States, with coverage shaped by the federal regulatory architecture governing consumer identity protection. The primary statutory and regulatory anchors include the Fair Credit Reporting Act (15 U.S.C. § 1681), administered by the Federal Trade Commission; the FTC's Identity Theft Program requirements under 16 C.F.R. Part 603; and the FTC's consumer-facing identity theft recovery infrastructure at IdentityTheft.gov.

State-level variation is acknowledged but not resolved within this directory. All 50 states have enacted data breach notification statutes, and state attorneys general independently enforce identity theft provisions that may layer on top of federal standards. The directory names these jurisdictional categories — including state-specific credit freeze procedures and fraud alert rights — but does not interpret their application to specific fact patterns. For jurisdiction-specific legal determinations, readers must consult qualified legal counsel.

The directory addresses threats and service categories including financial identity theft, medical identity theft, synthetic identity fraud, and child identity theft, each of which carries distinct federal and state regulatory treatment. Military-specific provisions under the Military Lending Act and SCRA are covered under identity protection for military personnel.

How to use this resource

The directory is structured as a reference instrument, not a sequential guide. Readers navigating a live identity theft incident, a professional research question, or a regulatory compliance inquiry will find distinct entry points depending on their immediate need.

The primary organizational axes are:

1. Threat category — Entries are classified by the type of identity compromise involved, distinguishing between account takeover, new account fraud, tax identity theft, criminal identity theft, and synthetic fraud. Each category carries different reporting pathways, regulatory bodies, and recovery instruments.
2. Protective mechanism — Entries covering credit freezes, fraud alerts, dark web monitoring, and multi-factor authentication are classified by the control type they represent, not by the vendor deploying them.
3. Recovery process phase — Entries map to discrete phases: detection, containment, reporting, dispute resolution, and restoration. The identity restoration process page details these phases in structured form.
4. Regulatory and legal framework — Entries covering consumer rights, agency authority, and statutory remedies are classified under the governing body or statute, such as the FCRA, FTC Act, or FACTA.

For readers assessing a specific threat type, the identity theft types and definitions page provides classification boundaries. For aggregate scope data, the identity theft statistics — US page references figures drawn from named public sources including the FTC Consumer Sentinel Network and the Bureau of Justice Statistics.

The directory does not provide legal advice, regulatory compliance determinations, or vendor procurement guidance. Listings describe publicly documented frameworks, agencies, and categories — they do not constitute endorsements of any product, service, or organization.

Standards for inclusion

Entries within this directory are evaluated against a defined set of inclusion criteria before publication. The following conditions govern whether a framework, agency, service category, statute, or threat type is listed:

• Public documentation requirement — The subject must be documented in a publicly accessible primary source: a federal statute, regulatory agency publication, NIST Special Publication, FTC guidance document, or equivalent named authority. Entries are not created based on vendor white papers, sponsored research, or unverified secondary sources.
• US consumer applicability — The subject must have direct relevance to US consumers or professionals operating within the US identity protection sector. International frameworks are referenced only where they intersect with US regulatory obligations (e.g., cross-border data breach notification).
• Categorical stability — The subject must represent a stable, defined category rather than a transient vendor product or evolving threat label not yet codified in regulatory or standards literature.
• Regulatory or operational significance — The subject must carry meaningful consequence for identity protection decisions, recovery processes, or compliance obligations. Entries with no operational downstream effect are excluded.

Comparison: Framework entries vs. service category entries

Framework entries (e.g., NIST SP 800-63-3 identity proofing standards, FCRA adverse action rights) are anchored to specific statutory or standards text and do not change unless the underlying document is revised. Service category entries (e.g., dark web monitoring explained, identity monitoring services comparison) describe a class of service as it exists across multiple providers, evaluated by the functions the category performs — not by any single vendor's implementation.

Content types excluded from this directory: real-time threat intelligence feeds, active CVE patch timelines, jurisdiction-specific legal opinions, vendor product rankings, and incident response retainer referrals.

How the directory is maintained

Directory content is reviewed against named primary sources — principally FTC publications, NIST Special Publications, the Consumer Financial Protection Bureau's regulatory library, and the FTC's Consumer Sentinel Network data releases. When a governing statute is amended, a NIST publication revised, or a federal agency modifies enforcement guidance, affected entries are flagged for update.

The FTC's IdentityTheft.gov recovery platform and the CFPB's credit reporting dispute infrastructure are the two most frequently referenced operational sources within the directory. Changes to either platform's documented processes trigger review of all entries that cite those workflows, including the FTC IdentityTheft.gov guide and disputing fraudulent accounts.

Entries covering personal information at risk and digital identity footprint are reviewed against any newly published NIST or CISA guidance affecting data classification or consumer-facing risk definitions. The CISA Zero Trust Maturity Model v2.0 designation of identity as one of five core pillars informs how identity verification controls are framed within applicable entries.

No entry is modified based on commercial relationships, sponsored content arrangements, or vendor requests. The directory's institutional independence from product vendors is a structural requirement of the inclusion standards described above — not a discretionary editorial policy.