Blockchain Maturity Model Request For Comment (RFC)


Why the Blockchain Maturity Model?

As you know the blockchain and cryptocurrency industry is growing at break-neck speeds. New solutions are being deployed every day. Unfortunately, governments and large-scale enterprises do not have the knowledge or assessment capabilities to acquire, deploy and maintain enterprise blockchain solutions.

While many blockchain solution providers will tell their government customers that their solution is the best, how can government contracting officers be confident that they are making the proper acquisition decisions? The GBA Standards Working Group has been working on this problem and has drafted the Blockchain Maturity Model (BMM). The group is coordinating with other national and international standards organizations to develop this solution.Ā While it is still in the early stages, it provides a framework for objectively guiding the development of blockchain solutions and assessing them.

What is the Blockchain Maturity Model?

The model has several components. They include:

  • Blockchain Solution Requirements
  • Blockchain Training Program
  • Blockchain Assessment Program

The model looks at blockchain solutions from a variety of perspectives (model elements) including:

  • Decentralization
  • Governance
  • Identity Management
  • Interoperability
  • Performance
  • Privacy
  • Reliability
  • Resilience
  • Security
  • Sustainability

And the model sets expectations for various levels of maturity for each element. The levels are:

  • Level 1: Feasible
  • Level 2: Functional
  • Level 3: Operational
  • Level 4: Stable
  • Level 5: Scalable

In addition to the generic requirements, domain-specific requirements are being developed for specific industries. The first three industries that the GBA is focusing on are Elections, Financial Services, and Gaming.

How Can I Get Involved?

If you are interested in participating in this project, please consider these steps:

  1. Download the current version of the model (0.9) and give GBA Standards Working Group your feedback. Just go to
  2. Join the GBA Standards & Certification Working Group and help us review comments and draft the family of documents that comprise the model. If you are a current GBA member you can join at
  3. Volunteer your blockchain solution to be a pilot to help refine the model and develop the detailed specifications for assessment.
  4. Help the GBA get funding to work on this project. Of course, we can continue to work on this on a volunteer basis. However, funding would greatly accelerate the process and help us move as fast as the industry demands.

Your support is incredibly important to this effort, the GBA, and the entire industry. I do hope that you will join us in making a global impact.

For more information, please contact the GBA Standards Working Group Leader, Meiyappan Masilamani at

Related Articles


  1. I have played an active part in the content of this model but now reviewing in total, I would propose an additional section for consideration.
    My new proposed section would be “Reporting, Record Keeping, Accounting & Audit”. In most industries, there is a requirement to retain records for certain periods of time. The solution should be able to show both the retention of required records as well as the means to discard older records. They will also have to meet or be configurable for GAAP or IFRS standards.
    Blockchains are “distributed ledgers” and act as the primary or sub-ledger for the digital assets that are transacted within a network. If the network is a sub-ledger, the process controls and record retention requirements for reconciling the upstream ledger to the distributed ledger need to be defined.
    Any “ledger” would be subject to audit so should prove it can meet the requirements of an accounting audit.

  2. With respect to the record keeping and accounting mentioned in my earlier comment, it could be its own section or incorporated into a broader section on Regulatory & Compliance – especially with the advent of the new US crypto legislation within the recent infrastructure bill that was passed and the European GDPR regulations. There could be two layers of assessment related to able to comply and proven to comply.