Summary

Recommendation ITU-T X.1404 defines three levels of security assurance for the distributed ledger technology (DLT) in order to facilitate design and development of security assurance mechanisms. It further defines ten security assurance components encompassing the security assurance and specifies criteria and guidelines for achieving each of the three levels of a security assurance component. Finally, it also provides a mapping between specific threats and security assurance components and a mapping between specific security capabilities and security assurance components.

Distributed ledger technology (DLT) is defined as a shared digital ledger, which is a continually updated list of all transactions. The assurance of DLT is defined as the degree of confidence that the process or deliverable meets defined characteristics or objectives. An assurance level could be considered as a quantitative expression of assurance agreed among the relevant parties.

There is a need for specifying criteria and guidelines for achieving each of the three levels of a security assurance component: data integrity, data confidentiality, credential management, identity proofing of users, entity authentication, authorization, data obfuscation, consensus mechanism strength, smart contract and personally identifiable information (PII) data protection. To facilitate the design and development of security assurance mechanisms, this Recommendation is based on three levels of security assurance.