Circle
Events
Blog

Download Publication

Corda Enterprise 4.8 - Security Controls Checklist
Corda Enterprise 4.8 - Security Controls Checklist
Who it's for:
CISOs / CTOs / CIOs 
Security Architects 
Application Developers 
System and Security Administrators

Corda Enterprise 4.8 - Security Controls Checklist

Release Date: 12/15/2021

In this spreadsheet, our Blockchain/Distributed Ledger Working Group delivers a fully implementable security controls checklist for the blockchain framework Corda Enterprise 4.8. These controls are aligned with the NIST Cybersecurity Framework’s controls to proactively prevent, detect and respond to the risks of Fabric 2.0, thus mitigating the business impacts downstream caused by loss of trade, trust, and ownership.

In the accompanying Corda Enterprises 4.8 - Architecture Security Report, we identify the cybersecurity risks of implementing Corda Enterprises 4.8’s architecture as a permissioned blockchain enterprise network for a trade finance business in a cloud-based environment. Steps 1-6 of the section "Threat Model Analysis as per STRIDE Model" explain in detail how this Security Controls Checklist was derived.

Key Takeaways:
  • The description of each identified Corda Enterprise 4.8 vulnerability
  • The description of each control that can be used to mitigate these vulnerabilities
  • How the controls map to NISTv5(SP 800-53 Rev. 5), the standard reference for security controls

Download this Resource

LoginCreate Account

Prefer to access this resource without an account? Download it now.

Acknowledgements

Ashish Mehta Headshot
Ashish Mehta
Cybersecurity - Sr. Risk Manager & Security Architect

Ashish Mehta

Cybersecurity - Sr. Risk Manager & Security Architect

Ashish Mehta has extensive experience in cybersecurity, blockchain, web development, IT management, financial markets, and the energy industry.

He currently serves as Co-Chair of the Blockchain Working Group and is a part of the Internet of Things (IoT) and Quantum-Safe Security Leadership Teams at the Cloud Security Alliance. In that capacity, he is responsible for pushing their multiple research efforts as well as coordinating with ...

Read more

Urmila Nagvekar Headshot
Urmila Nagvekar

Urmila Nagvekar

Urmila Nagvekar is a Certified Information Systems Security Professional (CISSP), with a combined 27 years in Information Technology, Security, and Privacy involving leading Cybersecurity, Information Risk Management, and Data Privacy Programs as business value drivers for Engineering and Geoscience with oil majors.

She has been actively contributing and presenting topics related to Blockchain Security at CSA’s Blockchain/DLT Working ...

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?