mperklin
commented
9 years ago Great question, Milly.
CCSS does not apply to wallets alone, and this is by design. Even if you use the "best" wallet out there and enable all of the "most secure" settings, if you export your private key and back it up in a word document on your fileserver for safe-keeping, your coins can get stolen just the same.
Securing cryptocurrencies does depend on strong wallet software, but it also depends on secure hardware, strong policies, procedures, and trained staff to execute them.
This is why CCSS applies to "Information Systems" that secure cryptocurrencies, and not wallets alone.
I hope that helps clarify,
--Michael
I am a bit unclear about how these standards would be applied to the different types of wallets. On the one hand you have downloadable software programs such as Armory, Multibit, Core Client etc. Then you have online services such as blockchain.info that create keys via the web site. Then you have services that maintain the accounts themselves with no access to the private keys. It is difficult to apply a single standard to these different types of models.