Introducing the CryptoCurrency Security Standard (CCSS)

The C4 mission statement is to develop and maintain standards that will benefit the cryptocurrency ecosystem. We accomplish this mission with the collaboration of the brightest minds in our space and have met success with each of our prior projects. Today, after months of working with extremely knowledgeable partners on this critical project, BitGo and C4 are proud to jointly announce the release of the draft CryptoCurrency Security Standard (CCSS) for public discussion.


Why a security standard?

Security has been a long-standing issue within our community. MTGox was the most notable failure, which to this day continues to be a black mark on our industry. More recently, Bitstamp was victim of another large compromise that saw a loss of approximately $5 Million USD.

The fact is: security is hard - but only when we don't work together.

Having a security standard we can all reference benefits everyone. Services will finally have a clear path they can follow when developing and maintaining operations, and consumers will have a measurement stick to help understand the security measures in place that protect their funds.

Established organizations will be more open to joining the space as the risk of missing key aspects due to misunderstandings are less likely to occur. Insurance companies will now have that measuring stick to verify operations looking for financial protection for themselves and their clients. Investors will have the ability to understand the readiness and maturity of the projects they choose to back.

With a standard, companies will no longer need to "go it alone" and hope they've covered everything; they'll have a checklist to follow that will help prevent them from being "goxed."

What does the CCSS cover in my organization?

The CryptoCurrency Security Standard focuses on the cryptocurrency storage and usage within an organization. CCSS is designed to complement existing standards (ISO 27001, PCI, etc.), and not replace them.

To that end, here's an example image that shows the 10 Aspects that the CCSS covers:

The above checklist is an example of an organization with an overall Level I rating but that also has some components that exceed Level I. All Level II requirements must be met in order to achieve Level II.

For a more in-depth understanding of the different aspects and components covered by the CCSS, we encourage you to read through the standard within the CCSS Open Standard Repository, or through the documents linked below.

The Standard

The latest draft of the CryptoCurrency Security Standard is published online via GitHub at http://cryptoconsortium.github.io/CCSS/


About BitGo

BitGo is the leading bitcoin security platform and a pioneer in multi-sig technologies.


About C4

The CryptoCurrency Certification Consortium (C4) is a Canadian-based not-for-profit organization that establishes cryptocurrency standards which help ensure a balance of openness & privacy, security & usability, and trust & decentralization.

Donations of support are welcome at 3FV7mZ441z9UefbRK5W1JAQ9jPuKFhMqv7