C4, BitGo Publish Draft of CryptoCurrency Security Standard

A draft of the CryptoCurrency Security Standard (CCSS) was made available on Wednesday for public discussion.

The CCSS draft is the result of a collaboration between the CryptoCurrency Certification Consortium (C4), a Canada-based not-for-profit organization that establishes cryptocurrency standards, and Bitcoin security platform BitGo.

Cryptocurrencies, particularly Bitcoin, have become increasingly popular in recent years. However, several security incidents, such as the ones involving Mt. Gox and more recently Bitstamp, have had a negative impact on the industry.

C4 and BitGo believe security standards can help address many of the current challenges. The CCSS is designed to encourage the cryptocurrency industry to take steps toward the adoption of security best practices.

C4 has noted that a cryptocurrency security standard will be beneficial for both service providers and consumers.

“Established organizations will be more open to joining the space as the risk of missing key aspects due to misunderstandings are less likely to occur. Insurance companies will now have that measuring stick to verify operations looking for financial protection for themselves and their clients. Investors will have the ability to understand the readiness and maturity of the projects they choose to back,” Joshua McDougall, C4’s director of operations, explained in a blog post.

The standard covers a total of 10 key security aspects focusing on the storage and usage of cryptocurrencies within an organization. The list consists of key/seed generation, wallet creation, key storage, key usage, key compromise policy, keyholder grant/revoke policies and procedures, third-party security audits/pentests, data sanitation policy, proof of reserves, and audit logs.

An organization that meets these requirements at a minimum will achieve “Level 1” security, which indicates that they have “proven by way of audit that they protect their information assets with strong levels of security.” There are three levels of security defined in the CCSS and while Level 1 is the lowest, it still indicates a strong level of security.

“With a standard, companies will no longer need to ‘go it alone’ and hope they’ve covered everything; they’ll have a checklist to follow that will help prevent them from being ‘goxed’,” said McDougall.

A whitepaper on CCSS and the draft are available online.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
