← Frameworks / Digital Asset Security

Blockchain Security Standards Council (BSSC) Standards

Industry-led security standards for blockchain infrastructure, published May 2025. Four complementary standards: Node Operation Standard (NOS) for blockchain node security and resilience, Token Integration Standard (TIS) for digital asset integration and governance, Key Management Standard (KMS) for cryptographic key handling and wallet custody, and General Security & Privacy Standard (GSP) for baseline risk management. Founded by Anchorage Digital, Coinbase, Kraken, Fireblocks, Halborn, and OpenZeppelin.

Clauses: 43
Avg Coverage: 71.7%
Publisher: Blockchain Security Standards Council (BSSC) Version: 1.0 (May 2025)
BSSC Standards → SP 800-53 SP 800-53 → BSSC Standards Coverage Analysis
Clause Title SP 800-53 Controls
GSP-01 Information Security Governance and Leadership
PM-01 PM-02 PM-09 PL-01 PL-02 CA-06
GSP-02 Risk Assessment and Management Framework
RA-01 RA-02 RA-03 RA-05 RA-07 PM-09
GSP-03 Security Awareness and Training
AT-01 AT-02 AT-03 AT-04
GSP-04 Personnel Security and Background Screening
PS-01 PS-02 PS-03 PS-06 PS-07
GSP-05 Incident Detection, Response, and Reporting
IR-01 IR-02 IR-04 IR-05 IR-06 IR-08
GSP-06 Business Continuity and Operational Resilience
CP-01 CP-02 CP-04 CP-09 CP-10 CP-11
GSP-07 Third-Party and Supply Chain Risk Management
SR-01 SR-02 SR-03 SR-05 SA-09 SA-04
GSP-08 Vulnerability Disclosure and Bug Bounty
RA-05 SI-02 CA-08 IR-06 SA-11
GSP-09 Data Protection and Privacy
PT-01 PT-02 PT-03 PT-05 SC-28 MP-06
GSP-10 Regulatory Compliance and AML/CFT Controls
CA-01 CA-02 PM-09 RA-01 AU-02
GSP-11 Access Control and Identity Management
AC-01 AC-02 AC-03 AC-05 AC-06 IA-01 IA-02 IA-05
GSP-12 Logging, Audit, and Monitoring
AU-01 AU-02 AU-03 AU-06 AU-09 AU-11 SI-04
GSP-13 Encryption and Data-in-Transit Protection
SC-08 SC-12 SC-13 SC-23 SC-28
GSP-14 Change Management and Configuration Control
CM-01 CM-02 CM-03 CM-05 CM-06 CM-08
GSP-15 Penetration Testing and Security Assessments
CA-02 CA-07 CA-08 RA-05 SA-11
KMS-01 Cryptographic Key Management Policy
SC-12 SC-13 SC-17 PL-01 CA-01
KMS-02 Key Generation and Randomness
SC-12 SC-13 SA-08
KMS-03 Hardware Security Module (HSM) and Secure Enclave Usage
SC-12 SC-13 PE-03 MP-04 SA-04
KMS-04 Multi-Party Computation (MPC) and Threshold Signing
SC-12 AC-05 AC-06 IA-03
KMS-05 Cold Storage and Air-Gapped Key Custody
MP-04 MP-05 PE-03 AC-06 SC-12
KMS-06 Key Access Control and Multi-Signature Authorisation
AC-02 AC-03 AC-05 AC-06 IA-02 IA-05
KMS-07 Key Rotation, Revocation, and Lifecycle Management
SC-12 IA-05 CM-03 CA-05
KMS-08 Block Proposal and Signing Security
SC-12 SC-13 IA-05 AU-10
KMS-09 Wallet Custody Architecture and Controls
SC-12 AC-06 AC-03 MP-04 PE-03 AU-09
KMS-10 Key Backup, Recovery, and Disaster Recovery
CP-09 CP-10 SC-12 MP-04 MP-05
NOS-01 Node Infrastructure Governance and Policy
PL-01 PL-02 PM-01 PM-09 CA-01
NOS-02 Node Software Integrity and Supply Chain
SA-10 SA-11 SR-03 SR-04 SI-07 CM-14
NOS-03 Consensus Client Configuration Hardening
CM-02 CM-06 CM-07 CM-08 SI-02
NOS-04 Peer Network Security and Isolation
SC-07 SC-05 SC-08 AC-04 SC-20 SC-21
NOS-05 Node Access Control and Authentication
AC-02 AC-03 AC-06 IA-02 IA-05 AC-17
NOS-06 Node Monitoring and Anomaly Detection
AU-02 AU-06 AU-12 SI-04 SI-05
NOS-07 Node Resilience, Backup, and Recovery
CP-02 CP-09 CP-10 CP-07 CP-08
NOS-08 Validator Key Operational Security
SC-12 SC-13 IA-05 AC-06 MP-04
NOS-09 Node Physical and Environmental Security
PE-02 PE-03 PE-06 PE-11 PE-12 PE-14
NOS-10 Node Vulnerability Management and Patching
RA-05 SI-02 CA-07 CM-03 CM-04
TIS-01 Token Integration Governance and Risk Assessment
RA-01 RA-03 PM-09 PL-01 CA-01
TIS-02 Smart Contract Security and Auditing
SA-11 CA-02 CA-08 RA-05 SR-06
TIS-03 Token Standard Compliance and Configuration
CM-06 CM-07 SA-04 SA-08
TIS-04 Bridge and Cross-Chain Integration Security
SC-07 AC-04 RA-03 SA-11 IR-04
TIS-05 Oracle Security and Price Feed Integrity
SI-07 SI-04 RA-03 SC-08 AU-10
TIS-06 DeFi Protocol Integration Controls
RA-03 SA-04 CA-02 IR-01 SR-05
TIS-07 Token Custody and Asset Segregation
AC-06 SC-12 MP-04 AC-03 AU-09
TIS-08 Smart Contract Upgrade and Governance
CM-03 CM-05 SA-10 CA-06 PL-02