Home Cyber Directory: Purpose and Scope

The Home Cyber Directory is a structured reference index of cybersecurity service providers, professionals, and firms serving residential and small-business clients across the United States. This page defines the directory's scope, establishes the criteria that govern which listings appear, and clarifies the boundaries of coverage. Professionals researching the residential cybersecurity service sector and consumers seeking qualified providers benefit from understanding how this directory is organized before engaging with individual listings found at Home Cyber Listings.

Standards for inclusion

Inclusion in the Home Cyber Directory is governed by qualification thresholds, not by advertising spend or user ratings. Providers must demonstrate active, verifiable credentials in at least one recognized cybersecurity discipline before a listing is generated or maintained.

The primary credentialing frameworks referenced during evaluation include:

1. Professional certifications — Providers carrying certifications from bodies such as (ISC)², CompTIA, or EC-Council (e.g., CISSP, Security+, CEH) satisfy baseline technical qualification requirements in their respective domains.
2. Business registration and licensing — Where state law requires cybersecurity or technology service firms to hold specific business licenses or contractor registrations, evidence of current standing is required. Texas, for example, maintains occupational licensing requirements administered through the Texas Department of Licensing and Regulation (TDLR) for certain security-adjacent service categories.
3. Insurance and bonding — Providers offering on-site services (device hardening, network audits, incident response) must carry general liability coverage at a minimum; errors-and-omissions (E&O) coverage is flagged where documented.
4. Scope of service alignment — A listing must fall within the directory's defined verticals: residential network security, smart home device protection, identity protection services, data recovery, endpoint security, and home-based small-business cybersecurity consulting.
5. No active enforcement actions — Providers subject to open FTC enforcement actions, state attorney general actions, or active complaints with the Better Business Bureau's dispute resolution process are excluded until resolution is documented.

The Federal Trade Commission's Safeguards Rule and NIST's Cybersecurity Framework (CSF) serve as reference standards for evaluating the technical scope of services listed. Providers whose service descriptions align with CSF function categories — Identify, Protect, Detect, Respond, Recover — are classified accordingly in the listing structure.

How the directory is maintained

The directory operates on a periodic review cycle rather than a static publication model. Listings are subject to three maintenance processes:

Initial intake review establishes whether a provider meets the qualification thresholds described above. No listing is published without completing this process.

Scheduled re-verification occurs on a structured interval to confirm that credentials remain active, insurance coverage has not lapsed, and no new enforcement actions have been filed. Certifying bodies including (ISC)² and CompTIA maintain public credential-verification portals that are used during this process.

Event-triggered review applies when a material change is identified — an enforcement action, a credentialing lapse, a change in the provider's service scope, or a documented pattern of consumer complaints filed with the CFPB's consumer complaint database or the FTC's ReportFraud.ftc.gov platform. Listings may be suspended pending review or removed if the triggering event is substantiated.

Providers are not notified in advance of scheduled re-verification. This structure preserves the integrity of the directory as a reference tool rather than a provider-managed profile system. The operational distinction mirrors the difference between a licensing board's public registry — maintained for public benefit — and a commercial directory where providers control their own presentation.

What the directory does not cover

The directory's defined scope excludes the following categories, regardless of provider qualification:

• Enterprise and corporate cybersecurity vendors whose primary client base is mid-market or large-enterprise organizations. The directory is scoped to residential and small-business (under 50 employees) service contexts.
• Managed Security Service Providers (MSSPs) operating exclusively under long-term enterprise contracts with SOC operations centers are outside scope. Firms offering MSSP services alongside residential or small-business offerings may qualify for partial listing limited to that service line.
• Cybersecurity software products and SaaS platforms — The directory covers service professionals and firms, not software vendors. Antivirus products, VPN platforms, and consumer security software are not listed regardless of market profile.
• Law firms and legal practices providing cybersecurity legal counsel, privacy law, or breach notification legal services. Those professionals operate under separate bar licensing regimes and are not evaluated against the technical credentialing standards applied here.
• Government agencies and nonprofit organizations — Public-sector bodies such as CISA (Cybersecurity and Infrastructure Security Agency) and nonprofit entities like the National Cybersecurity Alliance (NCSA) are referenced throughout the network's contextual resources but are not listed as service providers.
• Academic and training institutions offering cybersecurity degree programs or certification prep courses.

Requests for categories not covered by the directory can be directed through the intake process described at How to Use This Home Cyber Resource.

Relationship to other network resources

The directory functions as the primary listing layer within a broader reference architecture. It does not operate independently of the network's contextual and regulatory reference content.

The Home Cyber Directory: Purpose and Scope page — the current reference — establishes the structural rules that govern listings. The active listing inventory, organized by service category and state, is accessible through Home Cyber Listings. Those two resources serve distinct but connected functions: one defines the rules, the other applies them to a browsable index.

Regulatory framing for the cybersecurity service sector draws on published frameworks from CISA, NIST, and the FTC. NIST Special Publication 800-53 (Revision 5), which catalogs security and privacy controls for information systems, provides a technical reference baseline against which service descriptions in listings are evaluated. CISA's #StopRansomware guidance and the FTC's consumer cybersecurity resources establish the regulatory context within which residential service providers operate.

The directory does not duplicate the explanatory content maintained in the network's reference articles. Where a listing references a service type — such as penetration testing, threat monitoring, or network hardening — the technical definitions and professional qualification standards for those service categories are covered in the network's contextual resources, not within individual listing records.