Hiring a CryptoCurrency Security Standard (CCSS) Implementer (CCSSI) is optional. Some entities choose to engage a CCSSI to help prepare for a CCSS audit, while others prepare internally.
A CCSSI is trained to understand the CCSS requirements and can help an entity prepare for the audit by identifying systems and components that may fall within scope, performing a gap assessment, developing remediation plans, preparing risk assessments, threat models, architecture diagrams, policies, and procedures, implementing controls, and organizing the documentation and evidence needed for the audit. Working with a CCSSI may help streamline the preparation process and reduce the time and effort required to prepare for an audit. You can find a list of certified CCSSIs on our Certified CCSSI Page.
Entities may also choose to prepare internally by reviewing the CCSS requirements, performing a gap assessment, implementing the necessary controls, and gathering the documentation and evidence needed for the CCSS audit.
Regardless of how an entity prepares, the same CCSS requirements and audit criteria apply. The CCSS Auditor (CCSSA) independently audits the system for compliance with the standard, regardless of whether the entity prepared internally or with the assistance of a CCSSI.