What is ISO/TR 23576 about?
ISO/TR 23576 discusses the threats, risks, and controls related to systems that provide digital asset custodian services and exchange services to their customers (consumers and businesses) and the management of security when an incident occurs, as well as to asset information (including the signature key of the digital asset) that a custodian of digital assets manages.
ISO/TR 23576 is addressed to digital asset custodians that manage signature keys associated with digital asset accounts. In such a case, certain specific recommendations apply.
NOTE: The following are not covered by ISO/TR 23576:
- Core security controls of blockchain and DLT systems
- Business risks of digital asset custodians
- Segregation of customer’s assets
- Governance and management issues
Who is ISO/TR 23576 for?
ISO/TR 23576 on blockchain and distributed ledger technologies is useful for:
- Government financial management systems
- Manufacturing companies
- Government authorities
- Regulatory bodies
- Research and development teams
Why should you use ISO/TR 23576?
The objectives of a security management system for digital asset custodians are to establish, maintain and continuously improve a security-providing environment for the assets they protect.
A digital asset custodian holds customers' digital assets for safekeeping in order to minimize the risk of their theft or loss. ISO/TR 23576 illustrates the security risks, threats, and measures that digital asset custodians consider, design, and implement to help protect the assets of their customers, based on best practices, existing standards and research.
ISO/TR 23576 describes the different types of keys that can be used for signature and encryption within a digital asset custodian system. The types of keys include the signature key, the verification key, and the encryption/decryption key for the signature key.