| Category | Aspect | Component | Level I | Level II | Level III |
|---|---|---|---|---|---|
| Cryptographic Asset Management | Key / Seed Generation | Operator-created Key / Seed | | | |
| | | Creation methodology is validated | | | |
| | | DRBG Compliance | | | |
| | | Entropy Pool | | | |
| | Wallet Creation | Unique address per transaction | | | |
| | | Multiple keys for signing | | | |
| | | Redundant key for recovery | | | |
| | | Deterministic wallets | | | |
| | | Geographic distribution of keys | | | |
| | | Organizational distribution of keys | | | |
| | Key Storage | Primary keys are stored encrypted | | | |
| | | Backup key exists | | | |
| | | Backup key has environmental protection | | | |
| | | Backup key is access-controlled | | | |
| | | Backup key has tamper-evident seal | | | |
| | | Backup key is encrypted | | | |
| | Key Usage | Key access requires user/pass/nth factor | | | |
| | | Keys are only used in a trusted environment | | | |
| | | Operator reference checks | | | |
| | | Operator ID checks | | | |
| | | Operator background checks | | | |
| | | Spends are verified before signing | | | |
| | | No two keys are used on one device | | | |
| | | DRBG Compliance | | | |
| | Key Compromise Protocol (KCP) | KCP Exists | | | |
| | | KCP Training + Rehearsals | | | |
| | Keyholder Grant/Revoke Policies & Procedures | Grant/Revoke Procedures/Checklist | | | |
| | | Requests made via Authenticated Communication Channel | | | |
| | | Grant/Revoke Audit Trail | | | |
| Operations | Security Audits / Pentests | Security Audit | | | |
| | Data Sanitization Policy (DSP) | DSP Exists | | | |
| | | Audit Trail of all media sanitization | | | |
| | Proof of Reserve (PoR) | Proof of Reserve Audits | | | |
| | Audit Logs | Application Audit Logs | | | |
| | | Backup of Audit Logs | | | |