Standards

  1. Node Operation Standard (NOS)
  2. Token Integration Standard (TIS)
  3. Key Management Standard (KMS)
  4. General Security and Privacy Guidelines (GSP)

To provide feedback on any of these standards, please contact the Council.

1. Node Operation Standard (NOS)

The Node Operation Standard (NOS) defines the baseline security criteria expected of a blockchain node operator, with the goal of enabling clients and third parties to perform safe and confident integrations. Compliance with the NOS signifies that a node operator adheres to industry best practices and has had their security practices rigorously tested and measured.

The goals of the NOS are as follows:

  • Present a clear set of security requirements for node operators that ensure a robust level of safety in fulfilling node responsibilities.
  • Establish a set of requirements that are common across multiple blockchain ecosystems and protocols.
  • Boost the confidence of consumer and business clients in engaging with node operators for blockchain-related services.
  • Establish a validation process for the Node Operation Standard that is consistent with many existing network and security audit practices.

View the NOS Standard

2. Token Integration Standard (TIS)

The Token Integration Standard (TIS) is a set of security requirements for a token to help decide whether integrating specific tokens poses known and unacceptable security risks.

The goal of this specification is to provide a set of security requirements for the description and use of tokens, such that tokens which meet these requirements provide a high level of safety assurance for common integration cases.

To reach these requirements, we have considered the combination of technical robustness, operational resilience, and economic integrity that ensures the token’s safe functionality, reliable governance, and protection against malicious or unintended exploits. The aim is to capture the inherent trade-offs between trust, security, and decentralization while remaining flexible enough for diverse token implementations.

View the TIS Standard

3. Key Management Standard (KMS)

Key management governs the states and state transitions of cryptographic key material throughout its entire lifecycle. In many cases, automated systems support key management; those systems are commonly known as key management systems.

The expanding adoption of distributed ledger technology (DLT) and blockchain in regulated and non-regulated industries, along with the growing value of digital assets and low entry requirements, puts individuals and organizations in a position where they often must take ownership of or start managing cryptographic material to interact with the ledger.

The purpose of this key management standard is to provide guidelines to securely manage blockchain cryptographic keys.

This standard is intended to supplement other industry and federal key management guidelines. Compliance with this standard does not imply compliance with any other key management standard, but it may be helpful in achieving that.

View the Key Management Standard

4. General Security and Privacy Guidelines (GSP)

In addition to the more specific guidance for node operation, asset integration and key management, there are more general security guidelines that should apply to all entities operating in blockchains, including those not operating blockchain nodes. In some cases, these guidelines will defer to the other BSSC standards for more specific guidance, or to other recognized security standards such as ISO 27001, SOC2 or CCSS.

The General Security and Privacy Guidelines (GSP) is a set of requirements that defines baseline risk management, security, and privacy practices that should be implemented by all participants in blockchain. These requirements are categorized according to the NIST Cybersecurity Framework (NIST-CSF) in order to provide a familiar taxonomy for tackling blockchain-based security and privacy concerns.

View the GSP Standard