MegaplanIT

Full Spectrum

Solutions

We specialize in over 48 technically advanced cybersecurity and compliance services designed to protect cardholder and other sensitive data, secure in-scope networks, systems, and website applications.

Managed Security Solutions >

Compliance Assessments>

Security Testing >

Consulting Services >

Customer Reviews

we are grateful to receive their feedback on our service.

Who We Are

we are grateful to receive their feedback on our service.

Managed Security Solutions >

Powerful, optimized SIEM running 24/7/365.

Real-time active threat intelligence. Rapidly find and contain intrusions.

Powerful, optimized SIEM running 24/7/365.

Track & Respond To Suspicious Activity In Your Network Traffic

Empower your incident response and security operations functions with real-time active threat intelligence.

Full Spectrum

Solutions

We specialize in over 48 technically advanced cybersecurity and compliance services designed to protect cardholder and other sensitive data, secure in-scope networks, systems, and website applications.

Managed Security Solutions >

Compliance Assessments>

Security Testing >

Consulting Services >

Customer Reviews

we are grateful to receive their feedback on our service.

Who We Are

we are grateful to receive their feedback on our service.

Managed Security Solutions >

Powerful, optimized SIEM running 24/7/365.

Real-time active threat intelligence. Rapidly find and contain intrusions.

Powerful, optimized SIEM running 24/7/365.

Track & Respond To Suspicious Activity In Your Network Traffic

Empower your incident response and security operations functions with real-time active threat intelligence.

Full Spectrum

Solutions

We specialize in over 48 technically advanced cybersecurity and compliance services designed to protect cardholder and other sensitive data, secure in-scope networks, systems, and website applications.

Managed Security Solutions >

Compliance Assessments>

Security Testing >

Consulting Services >

Customer Reviews

we are grateful to receive their feedback on our service.

Who We Are

we are grateful to receive their feedback on our service.

Managed Security Solutions >

Powerful, optimized SIEM running 24/7/365.

Real-time active threat intelligence. Rapidly find and contain intrusions.

Powerful, optimized SIEM running 24/7/365.

Track & Respond To Suspicious Activity In Your Network Traffic

Empower your incident response and security operations functions with real-time active threat intelligence.

Why Choose Us?

Our expert security consultants and QSAs are fully certified across multiple disciplines and have decades of experience helping businesses stay protected against an ever-evolving cyber threat landscape. We build long-term relationships with our clients and provide holistic service offering to meet all their security and compliance needs while outlining a path to continued improvements within their internal security program(s).

Why Choose Us?

Our expert security consultants and QSAs are fully certified across multiple disciplines and have decades of experience helping businesses stay protected against an ever-evolving cyber threat landscape. We build long-term relationships with our clients and provide holistic service offering to meet all their security and compliance needs while outlining a path to continued improvements within their internal security program(s).

Compliance Services

Cryptocurrency Security Standard Compliance

The cryptocurrency security standard is the techniques and methodologies used by systems around the globe, end-users will be able to easily make educated decisions about which products and services to use and with which companies they wish to align with.

Compliance Services

Cryptocurrency Security Standard Compliance

The cryptocurrency security standard is the techniques and methodologies used by systems around the globe, end-users will be able to easily make educated decisions about which products and services to use and with which companies they wish to align with.

Cryptocurrency Security Standard Compliance

Service Overview

Cryptocurrency Security Standard

Cryptocurrency Security Standard (CCSS) is a set of requirements for all information systems that make use of cryptocurrencies, including exchanges, web applications, and cryptocurrency storage solutions.

CCSS is a standard that augments standard information security practices. As with any standard, knowledgeable and experienced security professionals and/or auditors are necessary when implementing any information system to ensure coverage of all classes of attack as well as the appropriate handling of all potential risks.

Our Approach

MegaplanIT can guide your organization through the steps of your CryptoCurrency Security Standard assessment. CCSS is designed to complement existing information security standards (i.e. ISO 27001:2013) by introducing guidance for security best practices with respect to cryptocurrencies such as Bitcoin, Ethereum, Light Coin, etc. CCSS is not designed to substitute or replace these standards; in fact, following the CCSS to the letter while ignoring standards like ISO 27001:2013 will likely lead to compromise.

Key Benefits:

CCSS Assessments

Highly experienced, fully-certified assessors

Identify any configuration errors or compliance issues

Secure important communications against all threats

Get expert security advice and guidance

CryptoCurrency Security Standard Coverage

CCSS covers a list of 10 security aspects of an information system that stores, transacts with, or accepts cryptocurrencies.  The minimum value of all 10 aspects determines an information system’s overall score within three (3) levels of increasing security: Level I is the lowest and offers strong security measures, while Level III is the highest and offers the most comprehensive security.

These 10 aspects are organized into 2 domains that help structure the guidelines. A summary of the standard can be seen in the below example which depicts sample results after auditing Acme Exchange, a “Level I” system. You’ll note that even though there are some aspects with scores in the Level II and Level III range, Acme Exchange is classified a Level I system overall since that is the lowest consistent grade across all aspects:

Security Standard Levels

Level 1

An information system that has achieved Level I security has proven by way of audit that they protect their information assets with strong levels of security. Most risks to the system’s information assets have been addressed by controls that meet industry guidelines. While this is the lowest level within CCSS, it still represents strong security.

Level 2

An information system that has achieved Level II security has proven by way of audit that they exceed strong levels of security with additional enhanced controls. In addition to covering most risks to the information system’s assets, the use of decentralized security technologies such as multiple signatures have been employed which exceed industry guidelines and provide redundancy if any one key or person becomes unavailable or compromised.

Level 3

An information system that has achieved Level III security has proven by way of audit that they exceed enhanced levels of security with formalized policies and procedures that are enforced at every step within their business processes. Multiple actors are required for all critical actions, advanced authentication mechanisms ensure authenticity of all data, and assets are distributed geographically and organizationally in such a way to be resilient against compromise of any person or organization.

Level 1

An information system that has achieved Level I security has proven by way of audit that they protect their information assets with strong levels of security. Most risks to the system’s information assets have been addressed by controls that meet industry guidelines. While this is the lowest level within CCSS, it still represents strong security.

Level 2

An information system that has achieved Level II security has proven by way of audit that they exceed strong levels of security with additional enhanced controls. In addition to covering most risks to the information system’s assets, the use of decentralized security technologies such as multiple signatures have been employed which exceed industry guidelines and provide redundancy if any one key or person becomes unavailable or compromised.

Level 3

An information system that has achieved Level III security has proven by way of audit that they exceed enhanced levels of security with formalized policies and procedures that are enforced at every step within their business processes. Multiple actors are required for all critical actions, advanced authentication mechanisms ensure authenticity of all data, and assets are distributed geographically and organizationally in such a way to be resilient against compromise of any person or organization.

Cryptocurrency Security Standard

Key / Seed Generation

Level 1

Level 2

Level 3

Cryptocurrency Security Standard

Level 1

Level 2

Level 3

Key / Seed Generation

Wallet Creation

Key Storage

Key Usage

Key Compromise Policy

Keyholder Grant/Revoke Policies & Procedures

Third-Party Security Audits/Pentests

Data Sanitization Policy

Proof of Reserve

Audit Logs

What Is The Applicability?

The CCSS applies to any information system that makes use of cryptocurrencies or any Information System that handles cryptocurrencies as part of its business logic. This includes (but is not limited to):

A bitcoin and a dollar sign next to each other demonstrating cryptocurrency.

Cryptocurrency Exchanges

i.e. Information Systems that allow its users to exchange cryptocurrencies for other forms of money

Cryptocurrency market.

Cryptocurrency Marketplaces

i.e. Information Systems that allow its users to exchange cryptocurrencies for other goods and services

A dice and cryptocurrency security compliance.

Cryptocurrency Games

Information Systems that allow users to gamble their cryptocurrencies for a chance at winning more

Bitcoin, ethereum, litecoin, bitcoin cash comply with Cryptocurrency Security Standard.

Cryptocurrency Processors

i.e. Information Systems that automate the acceptance of cryptocurrencies for payment

A secure box containing a bitcoin, ensuring compliance with cryptocurrency standards.

Cryptocurrency Storage

i.e. Information Systems that facilitate the receipt and transmission of cryptocurrencies amongst other actors

Industry Leading Certified Experts

Managed Security, Managed Compliance, and Security Consulting all under one roof make us the leader in asset protection.

PCI QSA
The PCI logo on a white background with a Software Security emphasis.
Pci approved scanning vendor logo for software security.
Pci point-to-point encryption with robust Software Security.
The logo for aicpa soc 2, which signifies PCI Software Security Framework Assessment.
The logo for soc 2 2020 assure professional with PCI Compliance.
A blue and white logo with a globe in the middle.
MegaplanIT GPEN Certification
A blue logo with the letter m on it.

Make Our Team, Your Team!

Our innovative IT security and compliance solutions are designed to deliver customized, cost-effective service on time—because your priorities are our priorities. With a highly qualified team of PCI-DSS QSAs, Penetration Testers, and Information Security Consultants here at MegaplanIT, we will assess your unique company and business environment and design a path to security that will fit all of your needs.