Cloud Security Alliance Releases Report on Corda Blockchain Framework and Security Controls
December 16, 2021The Cloud Security Alliance (CSA) released Corda Enterprise 4.8 – Architecture Security Report and an accompanying security controls checklist. Drafted by the CSA Blockchain/Distributed Ledger Working Group, the report examines the security of r3’s blockchain framework, Corda Enterprise 4.8 Permissioned Network, and offers ways to mitigate negative business impacts that could arise from such threats as improper business logic flow and insecure network implementation, among others.
“Our aim when drafting this paper was to bring security and risk management leaders new to Corda DLT implementations quickly up to speed with respect to associated organizational risks so that they, in turn, can better estimate operational costs while simultaneously balancing their security needs with business priorities,” said Bill Izzo, chair of the Blockchain/DLT Working Group.
The researchers, led by Urmila Nagvekar, one of the paper’s co-authors, sought ways to help security and risk management leaders, as well as regulators in the financial sector, proactively prevent, detect, and respond to potential risks by:
- identifying Corda’s architectural risks to cybersecurity attributes (privacy, confidentiality, integrity, availability) when implemented as a permissioned enterprise network for a trade finance business in a cloud-based environment
- delivering a fully implementable security controls checklist aligned with the NIST Cybersecurity Framework’s Controls.
Key takeaways from the report include an overview of how Corda 4.8 was used to depict a transaction within a trade finance workflow; the steps, method, and results of the Corda 4.8 risk identification process; and cryptography module recommendations for a Corda 4.8 permissioned network.
The Blockchain/Distributed Ledger Working Group works to produce useful content to educate different industries on blockchain and its proper use, as well as define blockchain security and compliance requirements based upon different industries and use cases. Individuals interested in becoming involved in Blockchain/Distributed Ledger future research and initiatives are invited to join the working group.
Download the full Corda Enterprise 4.8 – Architecture Security Report and the accompanying security controls checklist.