Those with an interest in the success and security of blockchain systems—ranging from design architects, auditors, and other risk assessment professionals to academics and customers—benefit from the standardization of blockchain, cryptocurrency, and distributed ledger technology (DLT).
The Need for Blockchain Standardization
Cryptocurrency’s popularity has surged, hitting a trading volume as high as $68.3 billion on a single day. Records of cryptocurrency transactions are maintained through blockchain, a cryptographically secured distributed ledger of confirmed blocks (structured data comprising transaction records) organized in a sequential chain.
While it is an emerging technology, blockchain has proliferated. Financial institutions are beginning to build core system architectures using blockchain technology for data storage and processing. Introducing blockchain in distributed systems architecture presents new endpoints, vulnerabilities, transaction processing rules, methods for privacy protections, dispute resolution, adherence to governance agreements, competition for enterprise adoption, and reporting requirements. Standards for cryptocurrency and blockchain help to address these many issues, fill any gaps in knowledge, and harmonize practices.
We’ve outlined major voluntary consensus standards and technical reports for cryptocurrency, blockchain, and DLT below.
Vocabulary for Blockchain and Cryptocurrency
A shared understanding of terminology is essential for cryptocurrency and blockchain. An international standard, ISO 22739:2020 – Blockchain And Distributed Ledger Technologies – Vocabulary, provides foundational terms, featuring definitions for blockchain, crypto-asset, cryptocurrency, and numerous other topics pertinent to this area of interest and its standardization.
With the vast relevancy of cryptocurrency, this standard’s target audience spans academics, solution architects, customers, users, tool developers, regulators, auditors and standards development organizations.
General Requirements for Cryptocurrency Exchanges
Many know blockchain in the context of trading cryptocurrency. An IEEE standard, IEEE 2140.1-2020: General Requirements For Cryptocurrency Exchanges, promotes quality of service, transparency, fairness, and security with the goal of developing a cooperative and healthy ecosystem for the cryptocurrency market. This standard focuses on reaching a consensus from a business perspective, notably to protect consumer rights in cryptocurrency exchange.
IEEE 2140.1-2020 involves multiple aspects of cryptocurrency exchange platforms, including their self-discipline and professional ethics. It also describes the exchanges’ business logic and some technical requirements.
Custodian Framework of Cryptocurrency
In token assets and cryptocurrency, custodian services, or services provided by third-party banks or securities firms in the financial and investment fields, have been in need of an agreed-upon framework. IEEE 2140.5-2020: IEEE Standard For A Custodian Framework Of Cryptocurrency defines a standard framework of a custodian service for cryptocurrency and digital assets. In addition to the architecture, this framework includes business logic description, custodian service business models, digital asset evaluation criteria, operational procedure models, and regulatory requirement support models.
Blockchain Risk Assessment Framework
Several technical reports detail essential considerations for blockchain. A technical report differs from a standard, as, according to ISO:
“It may include data obtained from a survey, for example, or from an informative report, or information of the perceived ‘state of the art’.”
Any emerging technology, like cryptocurrency, faces unfamiliarity from the public. A technical report developed by Accredited Standards Committee X9 (ASC X9), ASC X9 TR 54-2021: Blockchain Risk Assessment Framework, provides its readers with background terminology and concepts of a blockchain system. It can be used for multiple purposes, including system design reviews, internal control planning, or internal and external audits.
Specifically, this technical report provides a framework for assessing operational risks in the information technology (interoperability, resiliency, accessibility, and software maintenance) and information security (data integrity, confidentiality, authentication, authorization, and accountability) areas of blockchain systems and applications within a distributed network.
ASC X9 TR 54-2021 is notable for its Section 5, “Risk Assessment Questionnaire,” which offers a series of questions for identifying the blockchain environment and potential risks and a set of high-level IT control objective statements.
Blockchain Privacy and PII Protection
ISO has also developed a series of technical reports for blockchain.
Privacy and personally identifiable information (PII) have emerged as a significant barrier to the adoption of DLT-based solutions. In fact, even if a blockchain and DLT system appears to process no PII, the system and any processing, storage, transmission and disclosure can still have an impact on a PII principal.
To address this, ISO/TR 23244:2020 – Blockchain And Distributed Ledger Technologies – Privacy And Personally Identifiable Information Protection Considerations provides an overview of the issues and practical concerns related to privacy and PII protection in the context of blockchain. This includes not only the identification and assessment of known privacy-related risks and their mitigation, but also the privacy-enhancing potential of blockchain and distributed ledger technology.
Smart Contracts in Blockchain and Distributed Ledger Technology Systems
As defined in ISO 22739:2020, a smart contract is a:
“Computer program stored in a DLT system wherein the outcome of any execution of the program is recorded on the distributed ledger.”
As automated applications on blockchain systems, smart contracts are a key development step from early-stage, purely transaction-oriented blockchains to more interactive technologies. The specific implementations of smart contracts in blockchain/DLT systems can vary significantly.
The technical report ISO/TR 23455:2019 – Blockchain And Distributed Ledger Technologies – Overview Of And Interactions Between Smart Contracts In Blockchain And Distributed Ledger Technology Systems describes what smart contracts are and how they work. In general, it focuses on the technical aspects of smart contracts. It also discusses methods of interaction between multiple smart contracts.
Security Management of Digital Asset Custodians
Digital asset custodian systems hold customers’ digital assets for safekeeping. The goal here is to minimize the risk of theft or loss of the customer assets.
ISO/TR 23576:2020 – Blockchain And Distributed Ledger Technologies – Security Management Of Digital Asset Custodians discusses the security risks, threats, and controls related to systems that provide digital asset custodian services to their customers (including security management in the event of an incident) and to the asset information (including the signature key of the digital asset) that a custodian of digital assets manages.
Based on best practices, existing standards, and research, this technical report illustrates the threats, risks, and controls that digital asset custodians consider, design, and implement to protect the assets of their customers. The management of signature keys for digital assets requires special attention, so ISO/TR 23576:2020 gives specific recommendations.
Blockchain Standards Packages
These standards and technical reports together address the multitude of interests and concerns pertinent to blockchain and cryptocurrency. Those who need to acquire these standards together can do so through standards packages on the ANSI Webstore.