We built something you wish had existed on day one.

The 2026 CVA Cybersecurity Framework for Startups is a comprehensive, practitioner-built security baseline designed specifically for digital-asset and blockchain companies.

Written by 13 security engineers, cryptographers, lawyers, and risk specialists who have built security at crypto exchanges, custodians, and regulated financial institutions.

Crypto startups operate in a worst-of-both-worlds risk environment: treasury balances that rival mid-cap funds, code deployed publicly and immutably, and regulatory expectations modeled on banks — with a team of 3 to 15 people. The mainstream frameworks (NIST, ISO 27001, SOC 2, CIS) were not written for you. This one is.

What's inside:

• 17 chapters covering everything from key management and smart contract security to DevSecOps, incident response, and AI-driven cyber defense

• A three-level maturity model (Crawl / Walk / Run) so you know exactly where to start and how to scale

• Concrete, actionable checklists — not theory

• Coverage of crypto-native risks: private key management, custody, DeFi protocol security, on-chain finality, and agentic AI in Web3

• Aligned with FINMA, MiCAR, GDPR, DORA, and ISO 27001

Whether you are a two-person team shipping your first product or a scaling startup approaching your first institutional raise, this framework gives you the language, the structure, and the checklists to build security that holds.

Download the framework and start with Chapter 1.

Link to Typeform: Download the Framework 

Led by Markus Perdrizat, Chairman of the CVA Cybersecurity Working Group. A Crypto Valley Association publication.