CSA Official Press Release
Published 01/23/2025
Cloud Security Alliance Issues Series of Tools to Assist Organizations in Mitigating Cybersecurity Risks Associated with Distributed Ledger Technology
Documents provide critical resources for creating a more secure environment for all shared network participants
SEATTLE – Jan. 23, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the Distributed Ledger Technology (DLT) Cybersecurity Governance Framework, which was designed to assist professionals and organizations in identifying and effectively mitigating cybersecurity risks associated with DLT. The Framework, along with two accompanying documents also issued today — the DLT Cybersecurity Governance Framework User Guide and the DLT Cybersecurity Governance Framework Report — serves as an indispensable tool for security and risk management leaders, auditors, and regulators in the financial industry looking to secure their DLT environments.
A DLT consortium is formed when member organizations collaborate to operate a DLT network through which they can securely share data. Doing this allows for increased integrity, transactional transparency, long-term stability, immutability, and protection of sensitive information within the group. But in order to achieve this, it’s imperative that both the responsibilities of consortium members managing the solution and the technology used to deploy the DLT solution are governed.
In response, CSA’s Blockchain and Distributed Ledger Working Group drafted the Framework, which takes a risk-based approach to managing DLT-related cybersecurity threats. It provides DLT consortium members with a repeatable, measurable, and layered risk-management process that balances security needs with business priorities and risk appetite.
“While DLT presents promising opportunities across diverse industries, securing these networks necessitates a robust governance framework. Strong governance has many benefits — it enhances security, fosters trust among consortium stakeholders, and, if done properly, aligns with emerging regulatory standards and best practices,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance. “By adhering to the guidelines and leveraging the tools CSA issued today, DLT consortia will be able to establish secure and compliant DLT environments.”
Key features of the Framework include the DLT Inherent Cybersecurity Risk Profile (ICRP), which offers a quantitative assessment of DLT-related cybersecurity risks, and the DLT Cybersecurity Maturity Core (CMC), a risk-based mitigation modeling Core that aligns with the NIST Cybersecurity Framework Core. For practical application, the DLT ICRP and DLT CMC components have been developed as the DLT Cybersecurity Governance Tool, an interactive modeling tool which assists a DLT consortium’s security and risk management leadership in making informed decisions about managing risks in a distributed DLT environment.
The accompanying DLT Cybersecurity Governance Framework User Guide provides step-by-step instructions on utilizing the DLT Cybersecurity Governance Tool. It outlines procedures for adjusting risk profiles based on the DLT consortium’s risk appetite and goals, as well as methods for generating and modeling risk mitigation strategies prior to wholesale deployment of security controls in a distributed DLT environment.
Meanwhile, the DLT Cybersecurity Governance Framework Report focuses on DLT governance audits emphasizing cybersecurity. The report provides a comprehensive toolkit for auditing policies that pertain to a DLT environment’s cybersecurity risk management and regulatory compliance, along with suggested best practices. It takes a structured approach that includes:
- A breakdown of critical processes within DLT environments and their associated subdomains
- Identification of potential cybersecurity vulnerabilities specific to DLT operations
- Recommended strategies to mitigate identified risks, comprising control objectives and corresponding actions
- A set of audit criteria for evaluating the current state of DLT security practices against industry best practices
Download the Distributed Ledger Technology (DLT) Cybersecurity Governance Framework, the DLT Cybersecurity Governance Framework User Guide, and the DLT Cybersecurity Governance Framework Report.
The Blockchain and Distributed Ledger Working Group investigates relevant use cases and security implications of blockchain. The group is focused on creating a framework and glossary to provide guidance and security around: wallets, exchanges, cryptography, and more. Individuals interested in becoming involved in future research and initiatives are invited to join the working group.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.
Media Contact
Kristina Rundquist
ZAG Communications for CSA
kristina@zagcommunications.com
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.