CCSS Training

To begin enrollment in our CCSS training

Complete This Form

Current dates are (Singapore Time, UTC+8 | 9:00 AM–5:00 PM):

  • Foundations (required pre-req): Nov 11–12
  • Auditor Course (CCSSA): Nov 18-19
  • Implementer Course (CCSSI): Nov 25-26

New dates are announced quarterly. 

Overview

The CryptoCurrency Security Standard (CCSS) is a security standard purpose-built for systems that use crypto assets. It focuses on the risks unique to crypto and complements broader frameworks like ISO 27001.

Certification is issued to systems (not companies) at Levels 1–3, based on evidence that controls are implemented and operating as intended under CCSS.

In order for an entity to have a system(s) certified, they must be audited by a certified CCSSA. 

Entities interested in having a system audited can:

Individuals interested in attaining CCSS Implementer or Auditor certifications, see below for information about our training program.

The CCSS Training Program

Every new CCSS Implementer and Auditor must attend and participate in the entirety of our live, virtual CCSS Training Program and pass the associated exam in order to be certified. 

To find out which path is right for you, take our self assessment. 

Prospective CCSS Implementers and CCSS Auditors both start with C4’s Foundations course, then chooses one (or both) tracks:

  1. Foundations (required first) - 2 days (16 hours total)
    Build a shared baseline across the whole Standard: how the CCSS is structured, how to scope a system, and how to recognize sufficient evidence for each control.
  2. Choose a track - 2 days (16 hours) per track
    • CCSSI (Implementer) Track: Design and sequence controls for a real system, map gaps to requirements, and produce practical artifacts (procedures, diagrams, key ceremony documentation).
    • CCSSA (Auditor) Track: Plan and execute an audit workflow end-to-end. Scoping and sampling, evidence-gathering, interviews, and defensible findings.

Why Train With C4?

  • Official: C4 created the CCSS and maintains CCSS v9.0, the exam objectives, and certification processes.
  • Practical: Taught by practitioners who build and audit crypto systems.
  • Credible: Training maps directly to the CCSS, designed and taught by CCSS experts.

Course Topics:

  • CCSS Overview
  • Levels + System Designations
  • Scoping + Trusted Environment
  • Key Material and Wallet Generation
  • Key Storage + Key Usage
  • Key Compromise
  • Security Tests + Audits
  • Data Sanitization
  • Audit Logs

Outcomes You Can Expect:

  • Foundations: Develop a rigorous understanding of the entire CCSS v9.0, system scope, and the ability to navigate aspects, controls, levels, and evidence expectations as well as accurately interpret the intent of each control. 
  • Implementer (CCSSI): Design, sequence, and document CCSS v9.0 controls for a system– mapping gaps to requirements, selecting and justifying control designs, managing dependencies and risk, and producing implementation-ready artifacts.
  • Auditor (CCSSA): Determine scope, sufficiency of evidence (including sampling), conduct interviews and walkthroughs, map findings to aspects/controls/levels, and issue defensible conclusions with audit-ready artifacts.

To begin enrollment in our CCSS training

Complete This Form

Current dates are (Singapore Time, UTC+8 | 9:00 AM–5:00 PM):

  • Foundations (required pre-req): Nov 11–12
  • Auditor Course (CCSSA): Nov 18-19
  • Implementer Course (CCSSI): Nov 25-26

New dates are announced quarterly. 

The CryptoCurrency Security Standard (CCSS) has been updated to version 9.0. See the updated CCSS here.

Systems certified under 8.1 are still valid.

View Now