Fireblocks has become the first company in the world to achieve a Cryptocurrency Security Standard (CCSS) Qualified Service Provider Level 3 certification by the Cryptocurrency Certification Consortium (C4). The certification was awarded after weeks of rigorous audits into Fireblocks’ hot and cold wallet creation, key generation, the secure transfer environment, authorization workflows, and in-depth reviews of the systems providing cryptocurrency functions.
Marc Krisjanous IT Security Consultant at Confide and CCSS Auditor
An in-depth and rigorous audit was conducted of Fireblocks’ people, processes, and technology components for compliance with the CCSS and found that Fireblocks went above and beyond the CCSS Level 3 requirements. Confide is excited to confirm that Fireblocks met all CCSS Level 3 requirements and is the first system to become certified against the CCSS in the world.
Why C4 audits are critical for digital asset service providers
The CCSS, which was introduced by C4 in 2014, has become the gold standard for any platform that manages crypto wallets as part of its business logic. According to Deloitte, the CCSS is designed to augment standard information security practices and complement existing standards such as SOC2 Type II, ISO 27001, ISO 27017, and ISO 27018 – all of which has been awarded to Fireblocks.
Previous audits and assessments performed on Fireblocks have focused on infrastructure or code reviews. The CCSS Level 3 certification is unique in both its focus areas and the rigor of the audit itself.
The C4 audit was focused on the Fireblocks system – including hot and cold wallet creation, key generation, the secure transfer environment, authorization workflows, and in-depth reviews of the systems providing cryptocurrency functions.
The external, independent C4-certified auditor also conducted over 80 hours of interviews with Fireblocks personnel and performed background checks on relevant parties throughout the organization. Fireblocks was also asked to present over 120 artifacts on our policies, procedures, and security of our CCSS Trusted Environment, which consists of the Fireblocks Hot and Cold Vaults, Fireblocks Secure Transfer Environment, and Fireblocks Authorization Workflow.
Committed to delivering the highest security standards
Our CCSS Level 3 certification not only demonstrates the strength of our security posture, but also helps pave the way for our customers to achieve the certification themselves. For your organization to achieve a Level 3 certification, your digital asset service providers need to have been certified at the same level.
View Fireblocks’ Certificate of Compliance here.
Looking to keep up with the latest developments in the digital asset industry, including security and beyond? Subscribe to our newsletter for the latest industry news, thought leadership, product updates, and more.