本文件讨论了与以下相关的威胁、风险和控制: -向其客户（消费者和企业）提供数字资产托管服务和/或交换服务的系统，以及事故发生时的安全管理； -数字资产保管人管理的资产信息（包括数字资产的签名密钥）。 本文档面向管理与数字资产账户相关的签名密钥的数字资产保管人。在这种情况下，某些具体建议适用。 以下内容超出了本文件的范围: -区块链和DLT系统的核心安全控制； -数字资产托管人的业务风险； -客户资产的分离； -治理和管理问题。

This document discusses the threats, risks, and controls related to: — systems that provide digital asset custodian services and/or exchange services to their customers (consumers and businesses) and management of security when an incident occurs; — asset information (including the signature key of the digital asset) that a custodian of digital assets manages. This document is addressed to digital asset custodians that manage signature keys associated with digital asset accounts. In such a case, certain specific recommendations apply. The following is out of scope of this document: — core security controls of blockchain and DLT systems; — business risks of digital asset custodians; — segregation of customer's assets; — governance and management issues.