The Cryptocurrency Security Standard (CCSS) is a set of requirements for all information systems that use cryptocurrencies, including exchanges, web applications and cryptocurrency storage solutions. By standardising the methods and methodologies used by systems around the world, end users can easily make informed decisions about which products and services to use and which companies they want to partner with.
The CCSS is intended to complement existing information security standards (e.g. ISO 27001:2013 and now ISO 27001-2022) by providing guidance on best security practices for cryptocurrencies such as bitcoin. CCSS is not intended to replace or supersede these standards. CCSS is a cryptocurrency standard that complements standard information security practices. As with any standard, the implementation of any information system requires knowledgeable and experienced security professionals and/or auditors to ensure all classes of attacks are covered, as well as the proper handling of all potential risks.
CCSS is broken down into three levels of security enhancement.
An information system that has achieved security level I is capable of protecting cryptocurrencies with a high level of security.
A higher CCSS Level II provides a higher level of security with formalised policies and procedures that are applied at each stage of the relevant business processes.
Level III CCSS requires multiple participants for all critical activities, advanced authentication mechanisms are used to ensure data authenticity, and assets are distributed geographically and organisationally.
Together, these requirements make cryptocurrencies more resistant to compromise.
