Blockchain Security Standards Council (BSSC) Standards

Industry-led security standards for blockchain infrastructure, published May 2025. Four complementary standards: Node Operation Standard (NOS) for blockchain node security and resilience, Token Integration Standard (TIS) for digital asset integration and governance, Key Management Standard (KMS) for cryptographic key handling and wallet custody, and General Security & Privacy Standard (GSP) for baseline risk management. Founded by Anchorage Digital, Coinbase, Kraken, Fireblocks, Halborn, and OpenZeppelin.

AC Access Control

| Control | Name | BSSC Standards References |
|---|---|---|
| AC-01 | Access Control Policies and Procedures | GSP-11 |
| AC-02 | Account Management | NOS-05, KMS-06, GSP-11 |
| AC-03 | Access Enforcement | NOS-05, TIS-07, KMS-06, KMS-09, GSP-11 |
| AC-04 | Information Flow Enforcement | NOS-04, TIS-04 |
| AC-05 | Separation Of Duties | KMS-04, KMS-06, GSP-11 |
| AC-06 | Least Privilege | NOS-05, NOS-08, TIS-07, KMS-04, KMS-05, KMS-06, KMS-09, GSP-11 |
| AC-17 | Remote Access | NOS-05 |

AT Awareness and Training

| Control | Name | BSSC Standards References |
|---|---|---|
| AT-01 | Security Awareness And Training Policy And Procedures | GSP-03 |
| AT-02 | Security Awareness | GSP-03 |
| AT-03 | Security Training | GSP-03 |
| AT-04 | Security Training Records | GSP-03 |

AU Audit and Accountability

| Control | Name | BSSC Standards References |
|---|---|---|
| AU-01 | Audit And Accountability Policy And Procedures | GSP-12 |
| AU-02 | Auditable Events | NOS-06, GSP-10, GSP-12 |
| AU-03 | Content Of Audit Records | GSP-12 |
| AU-06 | Audit Monitoring, Analysis, And Reporting | NOS-06, GSP-12 |
| AU-09 | Protection Of Audit Information | TIS-07, KMS-09, GSP-12 |
| AU-10 | Non-Repudiation | TIS-05, KMS-08 |
| AU-11 | Audit Record Retention | GSP-12 |
| AU-12 | Audit Record Generation | NOS-06 |

CA Security Assessment and Authorization

| Control | Name | BSSC Standards References |
|---|---|---|
| CA-01 | Certification, Accreditation, And Security Assessment Policies And Procedures | NOS-01, TIS-01, KMS-01, GSP-10 |
| CA-02 | Security Assessments | TIS-02, TIS-06, GSP-10, GSP-15 |
| CA-05 | Plan Of Action And Milestones | KMS-07 |
| CA-06 | Security Accreditation | TIS-08, GSP-01 |
| CA-07 | Continuous Monitoring | NOS-10, GSP-15 |
| CA-08 | Penetration Testing | TIS-02, GSP-08, GSP-15 |

CM Configuration Management

| Control | Name | BSSC Standards References |
|---|---|---|
| CM-01 | Configuration Management Policy And Procedures | GSP-14 |
| CM-02 | Baseline Configuration | NOS-03, GSP-14 |
| CM-03 | Configuration Change Control | NOS-10, TIS-08, KMS-07, GSP-14 |
| CM-04 | Monitoring Configuration Changes | NOS-10 |
| CM-05 | Access Restrictions For Change | TIS-08, GSP-14 |
| CM-06 | Configuration Settings | NOS-03, TIS-03, GSP-14 |
| CM-07 | Least Functionality | NOS-03, TIS-03 |
| CM-08 | Information System Component Inventory | NOS-03, GSP-14 |
| CM-14 | Signed Components | NOS-02 |

CP Contingency Planning

| Control | Name | BSSC Standards References |
|---|---|---|
| CP-01 | Contingency Planning Policy And Procedures | GSP-06 |
| CP-02 | Contingency Plan | NOS-07, GSP-06 |
| CP-04 | Contingency Plan Testing And Exercises | GSP-06 |
| CP-07 | Alternate Processing Site | NOS-07 |
| CP-08 | Telecommunications Services | NOS-07 |
| CP-09 | Information System Backup | NOS-07, KMS-10, GSP-06 |
| CP-10 | Information System Recovery And Reconstitution | NOS-07, KMS-10, GSP-06 |
| CP-11 | Alternate Communications Protocols | GSP-06 |

IA Identification and Authentication

| Control | Name | BSSC Standards References |
|---|---|---|
| IA-01 | Identification And Authentication Policy And Procedures | GSP-11 |
| IA-02 | User Identification And Authentication | NOS-05, KMS-06, GSP-11 |
| IA-03 | Device Identification And Authentication | KMS-04 |
| IA-05 | Authenticator Management | NOS-05, NOS-08, KMS-06, KMS-07, KMS-08, GSP-11 |

IR Incident Response

| Control | Name | BSSC Standards References |
|---|---|---|
| IR-01 | Incident Response Policy And Procedures | TIS-06, GSP-05 |
| IR-02 | Incident Response Training | GSP-05 |
| IR-04 | Incident Handling | TIS-04, GSP-05 |
| IR-05 | Incident Monitoring | GSP-05 |
| IR-06 | Incident Reporting | GSP-05, GSP-08 |
| IR-08 | Incident Response Plan | GSP-05 |

MP Media Protection

| Control | Name | BSSC Standards References |
|---|---|---|
| MP-04 | Media Storage | NOS-08, TIS-07, KMS-03, KMS-05, KMS-09, KMS-10 |
| MP-05 | Media Transport | KMS-05, KMS-10 |
| MP-06 | Media Sanitization And Disposal | GSP-09 |

PE Physical and Environmental Protection

| Control | Name | BSSC Standards References |
|---|---|---|
| PE-02 | Physical Access Authorizations | NOS-09 |
| PE-03 | Physical Access Control | NOS-09, KMS-03, KMS-05, KMS-09 |
| PE-06 | Monitoring Physical Access | NOS-09 |
| PE-11 | Emergency Power | NOS-09 |
| PE-12 | Emergency Lighting | NOS-09 |
| PE-14 | Temperature And Humidity Controls | NOS-09 |

PL Planning

| Control | Name | BSSC Standards References |
|---|---|---|
| PL-01 | Security Planning Policy And Procedures | NOS-01, TIS-01, KMS-01, GSP-01 |
| PL-02 | System Security Plan | NOS-01, TIS-08, GSP-01 |

PM Program Management

| Control | Name | BSSC Standards References |
|---|---|---|
| PM-01 | Information Security Program Plan | NOS-01, GSP-01 |
| PM-02 | Information Security Program Leadership Role | GSP-01 |
| PM-09 | Risk Management Strategy | NOS-01, TIS-01, GSP-01, GSP-02, GSP-10 |

PS Personnel Security

| Control | Name | BSSC Standards References |
|---|---|---|
| PS-01 | Personnel Security Policy And Procedures | GSP-04 |
| PS-02 | Position Categorization | GSP-04 |
| PS-03 | Personnel Screening | GSP-04 |
| PS-06 | Access Agreements | GSP-04 |
| PS-07 | Third-Party Personnel Security | GSP-04 |

PT Personally Identifiable Information Processing and Transparency

| Control | Name | BSSC Standards References |
|---|---|---|
| PT-01 | Policy and Procedures | GSP-09 |
| PT-02 | Authority to Process Personally Identifiable Information | GSP-09 |
| PT-03 | Personally Identifiable Information Processing Purposes | GSP-09 |
| PT-05 | Privacy Notice | GSP-09 |

RA Risk Assessment

| Control | Name | BSSC Standards References |
|---|---|---|
| RA-01 | Risk Assessment Policy And Procedures | TIS-01, GSP-02, GSP-10 |
| RA-02 | Security Categorization | GSP-02 |
| RA-03 | Risk Assessment | TIS-01, TIS-04, TIS-05, TIS-06, GSP-02 |
| RA-05 | Vulnerability Scanning | NOS-10, TIS-02, GSP-02, GSP-08, GSP-15 |
| RA-07 | Risk Response | GSP-02 |

SA System and Services Acquisition

| Control | Name | BSSC Standards References |
|---|---|---|
| SA-04 | Acquisitions | TIS-03, TIS-06, KMS-03, GSP-07 |
| SA-08 | Security Engineering Principles | TIS-03, KMS-02 |
| SA-09 | External Information System Services | GSP-07 |
| SA-10 | Developer Configuration Management | NOS-02, TIS-08 |
| SA-11 | Developer Security Testing | NOS-02, TIS-02, TIS-04, GSP-08, GSP-15 |

SC System and Communications Protection

| Control | Name | BSSC Standards References |
|---|---|---|
| SC-05 | Denial Of Service Protection | NOS-04 |
| SC-07 | Boundary Protection | NOS-04, TIS-04 |
| SC-08 | Transmission Integrity | NOS-04, TIS-05, GSP-13 |
| SC-12 | Cryptographic Key Establishment And Management | NOS-08, TIS-07, KMS-01, KMS-02, KMS-03, KMS-04, KMS-05, KMS-07, KMS-08, KMS-09, KMS-10, GSP-13 |
| SC-13 | Use Of Cryptography | NOS-08, KMS-01, KMS-02, KMS-03, KMS-08, GSP-13 |
| SC-17 | Public Key Infrastructure Certificates | KMS-01 |
| SC-20 | Secure Name / Address Resolution Service (Authoritative Source) | NOS-04 |
| SC-21 | Secure Name / Address Resolution Service (Recursive Or Caching Resolver) | NOS-04 |
| SC-23 | Session Authenticity | GSP-13 |
| SC-28 | Protection of Information at Rest | GSP-09, GSP-13 |

SI System and Information Integrity

| Control | Name | BSSC Standards References |
|---|---|---|
| SI-02 | Flaw Remediation | NOS-03, NOS-10, GSP-08 |
| SI-04 | Information System Monitoring Tools And Techniques | NOS-06, TIS-05, GSP-12 |
| SI-05 | Security Alerts And Advisories | NOS-06 |
| SI-07 | Software And Information Integrity | NOS-02, TIS-05 |

SR Supply Chain Risk Management

| Control | Name | BSSC Standards References |
|---|---|---|
| SR-01 | Policy and Procedures | GSP-07 |
| SR-02 | Supply Chain Risk Management Plan | GSP-07 |
| SR-03 | Supply Chain Controls and Processes | NOS-02, GSP-07 |
| SR-04 | Provenance | NOS-02 |
| SR-05 | Acquisition Strategies, Tools, and Methods | TIS-06, GSP-07 |
| SR-06 | Supplier Assessments and Reviews | TIS-02 |