This document discusses the threats, risks, and controls related to:
— systems that provide digital asset custodian services and/or exchange services to their customers (consumers and businesses) and management of security when an incident occurs;
— asset information (including the signature key of the digital asset) that a custodian of digital assets manages.
This document is addressed to digital asset custodians that manage signature keys associated with digital asset accounts. In such a case, certain specific recommendations apply.
The following is out of scope of this document:
— core security controls of blockchain and DLT systems;
— business risks of digital asset custodians;
— segregation of customer's assets;
— governance and management issues.