C4, BitGo Publish Draft of CryptoCurrency Security Standard

A draft of the CryptoCurrency Security Standard (CCSS) was made available on Wednesday for public discussion.

The CCSS draft is the result of a collaboration between the CryptoCurrency Certification Consortium (C4), a Canada-based not-for-profit organization that establishes cryptocurrency standards, and Bitcoin security platform BitGo.

Cryptocurrencies, particularly Bitcoin, have become increasingly popular in recent years. However, several security incidents, such as the ones involving Mt. Gox and more recently Bitstamp, have had a negative impact on the industry.

C4 and BitGo believe security standards can help address many of the current challenges. The CCSS is designed to encourage the cryptocurrency industry to take steps toward the adoption of security best practices.

C4 has noted that a cryptocurrency security standard will be beneficial for both service providers and consumers.

“Established organizations will be more open to joining the space as the risk of missing key aspects due to misunderstandings are less likely to occur. Insurance companies will now have that measuring stick to verify operations looking for financial protection for themselves and their clients. Investors will have the ability to understand the readiness and maturity of the projects they choose to back,” Joshua McDougall, C4’s director of operations, explained in a blog post.

The standard covers a total of 10 key security aspects focusing on the storage and usage of cryptocurrencies within an organization. The list consists of key/seed generation, wallet creation, key storage, key usage, key compromise policy, keyholder grant/revoke policies and procedures, third-party security audits/pentests, data sanitation policy, proof of reserves, and audit logs.

An organization that meets these requirements at a minimum will achieve “Level 1” security, which indicates that they have “proven by way of audit that they protect their information assets with strong levels of security.” There are three levels of security defined in the CCSS and while Level 1 is the lowest, it still indicates a strong level of security.

“With a standard, companies will no longer need to ‘go it alone’ and hope they’ve covered everything; they’ll have a checklist to follow that will help prevent them from being ‘goxed’,” said McDougall.

A whitepaper on CCSS and the draft are available online.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
