How is the scope of a CCSS audit determined?

How is the scope of a CCSS™ audit determined?

The scope of a CryptoCurrency Security Standard (CCSS) audit is determined by identifying the system being assessed and its CCSS Trusted Environment—the people, processes, and technology that could affect the security of the system’s key material.

Before the audit begins, the entity and the CCSS auditor (CCSSA) work together to establish an initial audit scope. As the audit progresses, the scope may be refined as additional information is obtained and the CCSSA better understands the system and its Trusted Environment.

Clearly defining the audit scope is important because, if the system is successfully certified, the resulting Certificate of Compliance applies only to the system and scope that were audited.

Date Updated: July 6, 2026
Article Number: 32
Back to FAQ