Skip to content

fix: add early-stage standards section, omit unlinkable entries #476

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
frameworks-volunteer wants to merge 1 commit into from
Closed

fix: add early-stage standards section, omit unlinkable entries #476

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions docs/pages/opsec/integration/overview.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
title: "OpSec Integration | Security Alliance"
description: "Integrate OpSec with DevSecOps, privacy frameworks, and governance. Map controls to ISO 27001, NIST, CIS Controls, OWASP, SOC 2, MITRE AADAPT, OWASP SCWE, EEA EthTrust, and OWASP Smart Contract Top 10 standards for unified Web3 security approach."
description: "Integrate OpSec with DevSecOps, privacy frameworks, and governance. Map controls to ISO 27001, NIST, CIS Controls, OWASP, SOC 2, MITRE AADAPT, OWASP SCWE, EEA EthTrust, OWASP Smart Contract Top 10, and CCSS standards for unified Web3 security approach."
tags:
- Security Specialist
- Operations & Strategy
Expand Down Expand Up @@ -151,7 +151,11 @@ Aligning operational security practices with established security standards and

4. **EEA EthTrust Security Levels v3** — [EthTrust SL v3](https://entethalliance.org/specs/ethtrust-sl/). Defines certification requirements and three assurance levels (S, M, Q) for audited smart contracts. Level S requires formal verification and comprehensive testing; Level M requires thorough manual review; Level Q covers quick-scan assessments. Map OpSec audit procedures to the appropriate EthTrust level to communicate assurance rigor to stakeholders and regulators.

5. **Cross-Chain Security Standards**: Emerging standards for cross-chain bridge and messaging protocol security, where bridge exploits remain a dominant attack vector.
### Early-Stage & Emerging Standards

The following initiatives are still under active development. They are listed here for awareness, but their specifications may change significantly. Always refer to the linked resources for the latest status.

1. **CryptoCurrency Security Standard (CCSS)** — [C4 CCSS](https://cryptoconsortium.org/ccss/). An open standard developed by the CryptoCurrency Certification Consortium (C4) that defines security requirements for systems that handle cryptocurrencies. CCSS covers key management, wallet generation, and transaction signing at three levels of increasing rigor. While primarily aimed at custodial and exchange infrastructure, its control categories can inform OpSec practices for any organization handling digital assets.

## Creating a Unified Security Approach

Expand Down
1 change: 1 addition & 0 deletions wordlist.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -365,3 +365,4 @@ Intune
AADAPT
SCWE
EthTrust
CCSS
Loading