By Joe D’Annolfo, Sr. Manager, Security & Technology GRC, Coinbase and BSSC Member
When the Blockchain Security Standards Council (BSSC) first set out to develop its core standards, the General Security and Privacy (GSP) standard wasn’t originally on the roadmap. However, after we noticed recurring security and privacy requirements appearing throughout, we chose to create a separate standard instead of repeating guidance. The result is the GSP standard, a foundational layer that underpins the rest of the BSSC standards and helps tie them together into a cohesive, interoperable package.
A Foundational “On-Ramp” to Security
The GSP standard is designed to sit at the base of the BSSC standards stack. The concept is straightforward: the standard covers basic security and privacy requirements that every organization in this field should consider, no matter their size, experience level, or area of focus. We intentionally designed the GSP standard to be approachable. It serves as an on-ramp to security best practices for both brand-new crypto companies and well-established organizations. Rather than assuming deep prior expertise, it focuses on core concepts and practical expectations that every company operating in the ecosystem should be thinking about.
Built from Real-World Due Diligence
One of the unique aspects of this standard is how it was developed. Much of it draws directly from real-world due diligence questionnaire (DDQ) requirements. In fact, you can almost think of it as a thoughtfully structured DDQ, since it captures the baseline security, risk management, and privacy questions that consistently come up when organizations evaluate one another. These are practical challenges that companies must address to operate responsibly in this field.
Aligned with Established Frameworks, Without Repeating Them
The GSP standard is informed by well-known and widely respected standards, including ISO frameworks, SOC 2, and the NIST Cybersecurity Framework (CSF). Using NIST CSF as a foundation helps make the standard more accessible, especially for teams already familiar with its structure and terminology. At the same time, BSSC was careful not to simply restate existing standards. A core principle of our work is improvement, not duplication. The GSP standard translates and simplifies established best practices into guidance that is directly relevant to blockchain and crypto-native organizations.
Addressing Security, Risk, and Privacy in a Crypto-Native Context
The GSP standard covers key areas such as:
Privacy, in particular, takes on unique meaning in the crypto space. Questions like “Is a wallet address private?” don’t always have straightforward answers, and this standard encourages organizations to think carefully and deliberately about these nuances rather than relying on assumptions drawn from traditional industries or the inherent public nature of blockchain activities.
A Strong Foundation for the Entire Standards Suite
By introducing the GSP standard as foundational, BSSC ensures that its broader standards ecosystem is consistent, cohesive, and easier to adopt. Organizations can start with the GSP standard to establish a solid security and privacy baseline, then build on that foundation as they engage with more specialized standards.
In short, the GSP standard reflects how security and privacy work in the real world: they’re not isolated concerns, but shared responsibilities that underpin everything else.
Learn more about this standard and all four of our first standards in our recent webinar.
To learn more or get involved with the Blockchain Security Standards Council, visit https://www.blockchainssc.org/membership.