This document discusses the threats, risks, and controls related to:
- systems that provide digital asset custodian services and/or exchange services to their customers (consumers and businesses) and management of security when an incident occurs;
- asset information (including the signature key of the digital asset) that a custodian of digital assets manages.
This document is addressed to digital asset custodians that manage signature keys associated with digital asset accounts. In such a case, certain specific recommendations apply.
The following is out of scope of this document:
- core security controls of blockchain and DLT systems;
- business risks of digital asset custodians;
- segregation of customer's assets;
- governance and management issues.