Mitigation & Controls Library


Last updated 1 year ago


The Mitigations & Controls Library is a curated repository of information, tools, and best practices designed to address and manage risks inherent to node operations. This comprehensive library serves as a go-to resource for node operators, providing actionable insights and mitigation options to enhance the security, reliability, and efficiency of their operations.

Tangible components:

  • Mitigation strategies and Best Practices

  • Controls catalog

  • Implementation Guides library for selected controls

  • Ready-to-use tools, scripts, and templates

Most of the best practices that optimize uptime, access control and general stability apply directly to operating a node properly. However, a few risks are very specific to being a node operator, and mitigating them requires higher levels of process segregation.

When analyzing the scope and the respective identified risks, we found the best fit to be a combination of control criteria from three frameworks:

  • OWASP Top 10

  • ISO 27001

  • AICPA SOC2 Trust Services criteria

As with every audit, we compiled the control criteria that are relevant to protecting node operators from their specific risks.