The record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached.
CryptoCurrency Security Standard Auditor
CryptoCurrency Security Standard Auditor Peer Reviewer
Certificate of Compliance
Entity website, entity contact, system audited, listing fee, and entity logo at least 500x500 pixels
in size.
Constant and Uninterrupted.
Used interchangeably with “Organization.” The Entity or Organization is the body that controls the systems being audited.
The Listing Fee is the cost paid to C4 by the CCSSA for each completed audit. The Listing Fee
covers:
1. listing an entity’s CoC on C4’s website
2. providing the CCSSA with an entity's CoC and Audit Badge.
Used interchangeably with “Entity.” The Entity or Organization is the body that controls the systems being audited.
As determined to be sufficient by the auditor
Peer Review Options List
Qualified Service Provider
A copy of the Report on Compliance (RoC) audit report from which the CCSSA has redacted all sensitive information and personal identifiable information (PII) of the audited entity’s environment, information systems being audited, and personnel interviewed as part of the audit process.
Annually
Report on Compliance
Summary Report on Compliance
An actor is a high level term for any entity involved in key generation, management, operations, or who in their role has the ability to impact the security of key material. This includes any seed data used to generate the keys, the keys themselves, or shards of keys. As such key-holders and operators are both specific types of actors. However, depending on the particular architecture and operations in an environment there may be other roles that qualify as actors in the context of the CCSS.
A cryptocurrency address is (usually) an encoded form of a public key from a wallet that can be used as the recipient of a transaction. In multi-signature schemes, an address may be an encoding of information including several public keys and/or other information as in the case of a bitcoin P2SH address.
A communication channel that provides high confidence of the identities of the communicating parties. This could be a voice call where the sound of their known voice is verified, a digitally-signed message (using strong encryption such as PGP/GPG or S/MIME), or a combination of multiple separate channels that are unlikely to be simultaneously compromised, such as an email + an SMS message + an instant message via Slack.
This is the total amount of assets custodied by the entity on their clients behalf, as determined
by the CCSSA at the beginning of the audit.
A control put in place by the entity which provides equivalent or comparable protection to the control defined in the CCSS. The CCSSA can use their professional judgment where organizational controls do not meet CCSS controls descriptions but provide a similar level of protection.
A method of Sanitization that renders Target Data recovery infeasible using state of the art laboratory techniques and results in the subsequent inability to use the media for storage of data. Per NIST
A kind of PRNG that can produce some number of values (usually keys) from a single seed.
DRBGs are primarily useful due to their ability to limit a system’s reliance on secure sources of
entropy.
A mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).
Entity stakeholders are individuals or groups that have a vested interest in the operations, security, or outcomes of an organization or system.
Randomness, usually collected from hardware, environmental factors (time of execution), or
external sources (user-input). Wikipedia
A collection of inputs that provides for an unguessable output to be used by cryptographic operations.
Multi-factor authentication schemes require multiple demonstrations of identity. The most
common example is a username and password combination, where each input is a factor of
authentication. To access protected information in this scheme, an actor must provide those two
pieces of information. Additional factors generally (although with diminishing returns) increase
the security of the system. Common examples include:
● A TOTP token may be required, where the token can only be obtained from a device
seeded with the TOTP secret (Google Authenticator), which effectively requires the actor
be in possession of a specific pre-authorized device.
● An OTP can be delivered to a phone number via SMS, MMS, or a voice call.
● A biometric scan may be required - although this is usually only useful if the access point
is in a controlled and trusted environment.
Colloquially, a username is not considered a factor of authentication since usernames are not
commonly secret information. The same applies to email addresses, phone numbers, and other pieces of data which only “identify” actors. The requirement imposed by a factor of
authentication should only be satisfiable by the actor identified.
An information system that meets all applicable CCSS requirements in totality. In situations where an information system utilizes a CCSS certified Qualified Service Provider (QSP) information system (e.g. a wallet infrastructure provider’s wallet software) as part of their information system, some CCSS requirements may be met by the QSP information system, as determined by the CCSSA conducting the CCSS audit.
Distinct physical locations based on a system's threat model. Refer to requirement 2.03.2.1 for further guidance. The use of multiple geographic locations reduces the risk of single points of failure, distributing key material in a way that mitigates the impact of localized threats such as natural disasters, physical theft, or regional outages.
A wallet that uses a cryptographically secure key derivation function (e.g. PBKDF2) to create an
arbitrarily large number of unique addresses from a single master seed. These are beneficial as
only the master seed needs to be backed up to protect against loss. Some HD wallet software
can also support multi-signature configurations where multiple master seeds are combined
when creating addresses. HD wallets generally organize addresses into an n-ary tree structure,
where each address is associated with a path through the tree. The first HD wallet standard
adopted by many applications in the Bitcoin community was BIP32 as proposed by Pieter
Wuille. BIP44 introduced additional functionality allowing sub-paths to be shared without
compromising the security of the entire wallet.
Identity verification is a tiered process by which an organization or system attempts to confirm
the authenticity of an actor's claim to be a given individual or organization.
Typical methods of identity verification for individuals include:
● one or more forms of government-issued identification (driver’s license, passport, etc.)
● one or more proofs of residency at the individual’s home (utility bills, bank statements,
etc.)
● successful completion of challenge questions through a reputable identity-verification
service operating in the individual’s country of residence (e.g. Equifax)
In cases of an organization, the supporting records can include:
● Employer Identification Number (“EIN”), Business Number, or similar identifier based on
jurisdiction
● D-U-N-S Number
● Articles of Incorporation
In either case, enough supporting documentation should be provided and verified to support the actor’s identity claim.
Any key material that must remain private such as private key, seed phrase or any key material that if exposed to unauthorized access could result in unauthorized access to virtual assets.
Procedures and actions an organization takes if cryptographic key material is suspected or confirmed to have been compromised. This policy defines how to respond to minimize risks, such as unauthorized access or misuse, and includes measures for key revocation, replacement, and notification of affected parties.
The process of generating keys for cryptography. Per NIST
The cryptographic process of creating key material, ie creating unguessable seed phrases, private key pairs, MPC shares, etc.
A (key/seed) holder is a person, organization, system, or service that (for the purposes of this specification) makes direct use of a cryptographic key or seed (or shard of a key or seed as might be the case.) A key holder is also called an actor.
The parameters used to derive or represent cryptographic keys. It includes the raw components—such as seed phrases, private keys, public keys, or key shares—that are fundamental to encryption, decryption, signing, or verifying digital information.
A security principle that a system should restrict the access privileges of users (or processes acting on behalf of users) to the minimum necessary to accomplish assigned tasks. Per NIST
A common security feature of cryptocurrency wallet applications is to require multiple signers from different key material to create a valid signature.
A requirement can be marked as Not Applicable if a requirement does not apply to the assessed entity’s environment. CCSSA’s must provide evidence that testing was undertaken to confirm that the assessed entity’s environment does not support or provide a facility that would meet the requirements intent when marking a control as Not Applicable.
Example 1
1.01.2.2 In cases where keys or seeds are created without the use of software (e.g., dice, a deck of cards, or other non-digital source of entropy), the creation methodology must be validated to ensure determinism is not present (e.g., there are no weighted dice, each card in the deck is unique).
If the information system being audited uses software to generate the entropy when creating keys or seeds then this requirement is Not Applicable
A one-time password is any token (often used as a factor of authentication) that is valid for one and only one use. OTP tokens are generally as secure as the weakest of:
1. The channel used to deliver the OTP to the intended user, if any.
2. The system where the OTP is generated and stored until “redeemed.”
Software designed to control the hardware of a specific data-processing system in order to allow users and application programs to make use of it.
An operator is an individual involved in the management and operations of key material. This includes the generation of seed data and the key material, sharding of keys, backing up key data, etc. Some operators may be involved in the processes above, but never actually be given or have access to the actual key material, so they may or may not also be key-holders themselves. Like key-holders, however, all operators are actors, but clearly not all actors are operators.
Formalized statement or document that outlines an organization's approach and commitments to securing its assets, data, and operations. It sets the overarching principles and rules that determine the desired security posture of the organization.
Details the specific actions or sequences of actions to be taken to implement a given security policy. They act as operational blueprints, providing clear instructions to staff or systems on how to perform tasks securely and consistently.
Sometimes: CSPRNG (Cryptographically Secure PRNG).
See related: DRBG (Deterministic Random Bit Generator).
A production network is the live, operational environment where finalized systems, applications, or smart contracts are deployed and actively used by entity stakeholders. It represents the environment in which real-world interactions, transactions, and processes occur.
Asset of predefined rules and conventions that dictate how data is transmitted and received over a network or how components in a system should interact. Protocols ensure that communication or processes occur in a secure, standardized, and predictable manner.
An algorithm, program, or system used to produce arbitrary difficult-to-guess values for
cryptographic applications. Typically seeded with some source of entropy, PRNGs are used,
among other things, to generate cryptographic keys. (Wikipedia)
Sometimes: CSPRNG (Cryptographically Secure PRNG).
See related: DRBG (Deterministic Random Bit Generator).
All parts of the demonstrated process that are within a system’s control were shown to meet the requirement as written in the CCSS, however there are elements that lay beyond the audited system’s control. This qualifies the process to be found “in-place” when implemented by a consumer system that makes use of the audited system as a service provider.
A CCSS Qualified Service Provider (QSP) is a system that meets many of the requirements for CCSS certification with the exception of the few requirements that another system has control over. A QSP is a system that facilitates a subset of custody services to other systems and therefore is only required to meet certain requirements. This means that if a system uses a QSP, the audit focus is only on the few remaining requirements to become certified.
A slice of entropy typically used to initialize a PRNG/DRBG or other crypto-system (e.g. HD
Wallets, deterministic signatures).
Systems that hold all keys to the system that controls the entity’s own funds.
An individual or organization that delivers specialized services or functions. In the digital domain, this includes roles such as cloud hosting providers, payment processors, and IT support teams. On the physical side, this includes hands-on support, such as cleaners, repair technicians, or maintenance workers.
A digital signature scheme where only one piece of key material is required to authorize and create signatures from a wallet or account.
A program or code that autonomously executes predefined rules and agreements when specific conditions are met.
A system for encrypting data using an industry-standard encryption or key derivation algorithm
with an encryption key or password such that modern cryptanalysis techniques would require
the estimated global combined computing power and 1,000x more time than the expected life of
the key or seed to decrypt the encrypted data. An example of an encryption algorithm that would
provide the necessary level of security at the time of this writing is AES-256. An example of a
password-based key derivation function is PBKDF2 as described in BIP39. (Wikipedia)
Any anomalous or unexpected behavior identified through the monitoring of audit logs and other technical components within the CCSS Trusted Environment. This includes behaviors or patterns that deviate from established norms or security protocols, such as unauthorized access attempts, unusual transaction patterns, unexpected configuration changes, or other indicators of potential security threats.
Threat modeling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value. Per OWASP.
For the purposes of this specification, trusted environment is defined as the physical location, hardware and software used in any private key related operations.
In the context of most cryptocurrencies, a wallet is a public-private keypair, where some
encoding of the public key (an address) can be used in transaction outputs to transfer funds.
The private key can then be used to generate a valid signature for a transaction spending those
funds. In practice, however, ‘wallet’ usually refers to an application that manages a large
number of these keypairs, allowing a new address to be used for each transaction. Wallet
applications generally fall into one of two categories:
● JBOK (Just a Bunch of Keys) Wallets where the wallet uses a PRNG to generate each
keypair and stores them for use.
● HD (Hierarchical Deterministic) Wallets which derives an arbitrary number of keypairs
from one random seed.
Wallet software can introduce additional complexity, for example by combining multiple keypairs into single addresses, as in the case of a multi-signature wallet. For the purposes of this document, the term ‘wallet’ refers to some collection of cryptocurrency addresses.
