The current BSSC Standards (with publication date) are:
To provide feedback on any of these standards, please contact the Council.
Version 2, published 14 May 2026.
In addition to the more specific directed guidance for node operation, asset integration and key management, there are more-general security guidelines that should apply to all entities operating in blockchains, including those not operating blockchain nodes. In some cases, they will defer to the other BSSC standards for more specific guidance, or to other recognized security standards such as ISO 27001, SOC2 or CCSS.
The General Security and Privacy Guidelines(GSP) is a set of requirements that defines baseline risk management, security, and privacy practices that should be implemented by all participants in blockchain. These requirements are categorized according to the NIST Cybersecurity Framework (NIST-CSF) in order to provide a familiar taxonomy in tackling blockchain-based security and privacy concerns.
View the BSSC General Security and Privacy Standard version 2
Version 1, published 13 May 2025.
Key management governs the states and state transition of cryptographic key material throughout its entire lifecycle. In many cases, automated systems support key management and those systems are commonly known as key management systems.
The expanding adoption of distributed ledger technology and blockchain in regulated and non-regulated industries along with the growing value of digital assets and low entry requirements puts individuals and organizations in a position where they often must take ownership of or start managing cryptographic material to interact with the ledger.
The purpose of this Key Management Standard is to provide guidelines to securely manage blockchain cryptographic keys.
View the Key Management Standard version 1
Version 2, published 14 May 2026.
The Node Operation Standard defines the baseline security criteria expected of a blockchain node operator with the goal of enabling clients and third-parties to perform safe and confident integrations. Compliance with the NOS signifies that a node operator adheres to industry best practices and has had their security practices rigorously tested and measured.
The goals of the Node Operation Standard are:
View the BSSC Node Operation Standard version 2
Version 1, published 14 May 2026.
Smart contract security failures, including issues such as weak access control, vulnerability to re-entrancy attack, or simple programming bugs, have caused losses totalling billions of dollars.
The Smart Contract Security Standard aims to address this problem by providing
View the BSSC Smart Contract Security Standard version 1
Version 1, published 13 May 2025.
The Token Integration Standard is a set of security requirements for a token to help decide whether integrating specific tokens poses known and unacceptable security risks.
The goal of this specification is to provide a set of security requirements for description and use of tokens such that tokens which meet these requirements provide a high level of safety assurance for common integration cases.
To reach these requirements we have considered the combination of technical robustness, operational resilience, and economic integrity ensuring the token’s safe functionality, reliable governance, and protection against malicious or unintended exploits, to capture the inherent trade-offs between trust, security, and decentralization, while being flexible enough for diverse token implementations.
