{"id":993711,"date":"2025-10-13T11:15:59","date_gmt":"2025-10-13T08:15:59","guid":{"rendered":"https:\/\/cukurpartners.com\/?p=993711"},"modified":"2025-12-24T11:19:40","modified_gmt":"2025-12-24T08:19:40","slug":"tubitakin-kripto-varlik-hizmet-saglayici-kriterleri-guvenlikte-yeni-donem","status":"publish","type":"post","link":"https:\/\/cukurpartners.com\/tr\/tubitakin-kripto-varlik-hizmet-saglayici-kriterleri-guvenlikte-yeni-donem\/","title":{"rendered":"T\u00dcB\u0130TAK\u2019IN KR\u0130PTO VARLIK H\u0130ZMET SA\u011eLAYICI KR\u0130TERLER\u0130: G\u00dcVENL\u0130KTE YEN\u0130 D\u00d6NEM"},"content":{"rendered":"<div class=\"vgblk-rw-wrapper limit-wrapper\">\n<ol>\n<li><b> Giri\u015f<\/b><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">T\u00fcrkiye\u2019de uzun zamand\u0131r tart\u0131\u015f\u0131lan kripto varl\u0131k piyasas\u0131n\u0131n d\u00fczenleme s\u00fcreci, 2024 y\u0131l\u0131nda <\/span><b>Sermaye Piyasas\u0131 Kanununda De\u011fi\u015fiklik Yap\u0131lmas\u0131na Dair Kanun <\/b><a href=\"https:\/\/www.resmigazete.gov.tr\/eskiler\/2024\/07\/20240702-1.htm\"><span style=\"font-weight: 400;\">(02.07.2024 tarihli ve 32590 say\u0131l\u0131 Resm\u00ee Gazete)<\/span><\/a> <span style=\"font-weight: 400;\">ile Sermaye Piyasas\u0131 Kanunu\u2019nda yap\u0131lan detayl\u0131 de\u011fi\u015fiklikler ve yeni eklemeler ile<\/span> <span style=\"font-weight: 400;\">ba\u015flam\u0131\u015ft\u0131. Sermaye Piyasas\u0131 Kanunu\u2019ndaki bu de\u011fi\u015fiklikler ile T\u00fcrkiye\u2019de faaliyet g\u00f6steren veya g\u00f6sterecek olan kripto varl\u0131k hizmet sa\u011flay\u0131c\u0131lar\u0131 6362 say\u0131l\u0131 Sermaye Piyasas\u0131 Kanunu kapsam\u0131na al\u0131nm\u0131\u015f ve Sermaye Piyasas\u0131 Kurulu d\u00fczenleme ve denetimi yetkisi alt\u0131na al\u0131nm\u0131\u015ft\u0131.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">2025 y\u0131l\u0131 itibar\u0131yla ise Sermaye Piyasas\u0131 Kurulu\u2019nun yay\u0131mlad\u0131\u011f\u0131 a\u015fa\u011f\u0131da yer alan Tebli\u011fler ile uygulama \u00e7er\u00e7evesi netle\u015ftirilmi\u015f durumdad\u0131r.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">III-35\/B.1 Kripto Varl\u0131k Hizmet Sa\u011flay\u0131c\u0131lar\u0131n Kurulu\u015f ve Faaliyet Esaslar\u0131 Hakk\u0131nda Tebli\u011f (<\/span><a href=\"https:\/\/www.resmigazete.gov.tr\/eskiler\/2025\/03\/20250313-5.htm\"><span style=\"font-weight: 400;\">13.03.2025 tarihli ve 32840 Say\u0131l\u0131 Resm\u00ee Gazete<\/span><\/a><span style=\"font-weight: 400;\">),\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">III-35\/B.2 Kripto Varl\u0131k Hizmet Sa\u011flay\u0131c\u0131lar\u0131n \u00c7al\u0131\u015fma Usul ve Esaslar\u0131 ile Sermaye Yeterlili\u011fi Hakk\u0131nda Tebli\u011f (<\/span><a href=\"https:\/\/www.resmigazete.gov.tr\/eskiler\/2025\/03\/20250313-6.htm\"><span style=\"font-weight: 400;\">13.03.2025 tarihli ve 32840 Say\u0131l\u0131 Resm\u00ee Gazete<\/span><\/a><span style=\"font-weight: 400;\">)<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Bu d\u00fczenlemelere ek olarak, 6362 say\u0131l\u0131 Sermaye Piyasas\u0131 Kanunu kapsam\u0131nda, kripto varl\u0131k piyasas\u0131n\u0131n g\u00fcvenli\u011fini sa\u011flamak ile g\u00f6revlendirilen <\/span><b>T\u00fcrkiye Bilimsel ve Teknolojik Ara\u015ft\u0131rma Kurumu (\u201cT\u00dcB\u0130TAK\u201d)<\/b><span style=\"font-weight: 400;\">\u2019nun Bili\u015fim ve Bilgi G\u00fcvenli\u011fi \u0130leri Teknolojiler Ara\u015ft\u0131rma Merkezi (\u201cB\u0130LGEM\u201d) taraf\u0131ndan, kripto varl\u0131k hizmet sa\u011flay\u0131c\u0131lar\u0131n\u0131n bilgi sistemleri ve teknolojik altyap\u0131lar\u0131n\u0131n g\u00fcvenli\u011fini sa\u011flamak \u00fczere uymas\u0131 gereken Kriterler (\u201c<\/span><b>Kripto Varl\u0131k Hizmet Sa\u011flay\u0131c\u0131lar\u0131n Bilgi Sistemleri ve Teknolojik Altyap\u0131lar\u0131na \u0130li\u015fkin Kriterler\u201d, <\/b><a href=\"https:\/\/bilgem.tubitak.gov.tr\/kvhs\/\"><span style=\"font-weight: 400;\">T\u00dcB\u0130TAK Kriterleri, 2025<\/span><\/a><span style=\"font-weight: 400;\">) yay\u0131nlanm\u0131\u015f bulunuyor.<\/span><\/p>\n<ol start=\"2\">\n<li><b> T\u00dcB\u0130TAK Kriterleri\u2019nin \u00d6nemi<\/b><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">\u00d6nceki d\u00fczenlemelerde genel olarak finansal ve organizasyonel y\u00fck\u00fcml\u00fcl\u00fckler \u00f6ne \u00e7\u0131karken, T\u00dcB\u0130TAK\u2019\u0131n yay\u0131mlad\u0131\u011f\u0131 kriterler teknik altyap\u0131 ve bilgi g\u00fcvenli\u011fi boyutunu detayl\u0131 \u015fekilde ortaya koymu\u015ftur. Bu kriterler, yaln\u0131zca asgari teknik gereklilikler de\u011fil, ayn\u0131 zamanda uluslararas\u0131 standartlara uyum hedefleyen bir g\u00fcvenlik \u00e7er\u00e7evesi niteli\u011fi ta\u015f\u0131maktad\u0131r.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Ama\u00e7, kripto varl\u0131klar\u0131n saklanmas\u0131, transferi ve kullan\u0131c\u0131 bilgilerinin i\u015flenmesi s\u0131ras\u0131nda <\/span><b>siber g\u00fcvenlik risklerinin en aza indirilmesi<\/b><span style=\"font-weight: 400;\"> ve <\/span><b>m\u00fc\u015fteri varl\u0131klar\u0131n\u0131n korunmas\u0131n\u0131n<\/b><span style=\"font-weight: 400;\"> sa\u011flanmas\u0131d\u0131r.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Yeni Tebli\u011fler ve T\u00dcB\u0130TAK\u2019\u0131n Kriterleri, kripto varl\u0131k hizmet sa\u011flay\u0131c\u0131lar\u0131n\u0131n sistemsel ve teknik altyap\u0131lar\u0131n\u0131 eskisinden \u00e7ok daha derinlemesine d\u00fczenlemektedir.\u00a0<\/span><\/p>\n<ol start=\"3\">\n<li><b> T\u00dcB\u0130TAK Teknolojik Altyap\u0131 ve Bilgi Sistemlerinde Getirilen Yenilikler<\/b><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">T\u00dcB\u0130TAK B\u0130LGEM taraf\u0131ndan yay\u0131mlanan Bilgi Sistemleri ve Teknolojik Altyap\u0131 Kriterleri art\u0131k do\u011frudan mevzuata entegre edilmi\u015f durumda. Bu da kripto varl\u0131k hizmet sa\u011flay\u0131c\u0131lar\u0131 i\u00e7in g\u00fcvenlikte bamba\u015fka bir d\u00f6nemin ba\u015flad\u0131\u011f\u0131n\u0131 g\u00f6steriyor.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">T\u00dcB\u0130TAK\u2019\u0131n yay\u0131mlad\u0131\u011f\u0131 Bilgi Sistemleri ve Teknolojik Altyap\u0131lar\u0131na \u0130li\u015fkin Kriterler, yaln\u0131zca \u201ciyi niyetli bir rehber\u201d olmakla kalmay\u0131p Tebli\u011flerle birlikte kripto varl\u0131k sekt\u00f6r\u00fc i\u00e7in teknik gereklilikleri somutla\u015ft\u0131rmaktad\u0131r.\u00a0<\/span><\/p>\n<ol start=\"4\">\n<li><b> T\u00dcB\u0130TAK Kriterlerinde \u00d6ne \u00c7\u0131kan Teknik Gereklilikler<\/b><\/li>\n<\/ol>\n<p><b>4.1. S\u0131cak ve so\u011fuk c\u00fczdan ayr\u0131m\u0131: <\/b><span style=\"font-weight: 400;\">Rehberde a\u00e7\u0131k\u00e7a belirtilmi\u015ftir ki, s\u0131cak c\u00fczdan (online, internete ba\u011flant\u0131l\u0131) ile so\u011fuk c\u00fczdan (offline, izole sistemlerde tutulan) aras\u0131nda g\u00fcvenlik seviyesi a\u00e7\u0131s\u0131ndan fark olmal\u0131d\u0131r. So\u011fuk c\u00fczdanlarda \u00f6zel anahtarlar\u0131n bulundu\u011fu cihazlar internete do\u011frudan eri\u015fim sa\u011flayamamal\u0131; sadece aralar\u0131nda hava bo\u015flu\u011fu, izole ge\u00e7it sistemleri ya da g\u00fcvenli aktar\u0131m protokolleri ile veri al\u0131\u015fveri\u015fi yap\u0131lmal\u0131d\u0131r.<\/span><b>\u00a0<\/b><\/p>\n<p><b>4.2. Anahtar y\u00f6netimi ve kriptografik mekanizmalar: <\/b><span style=\"font-weight: 400;\">T\u00dcB\u0130TAK Kriterleri, \u00f6zel anahtarlar\u0131n \u00fcretiminden saklanmas\u0131na kadar her a\u015famada y\u00fcksek g\u00fcvenlik \u00f6nlemlerinin al\u0131nmas\u0131n\u0131 \u015fart ko\u015fmaktad\u0131r. Bu g\u00fcvenlik \u00f6nlemleri aras\u0131nda \u00f6zel anahtarlar\u0131n \u00fcretimi, saklanmas\u0131 ve yedeklenmesi s\u00fcre\u00e7lerinde HSM (G\u00fcvenli Donan\u0131m Mod\u00fcl\u00fc) kullan\u0131m\u0131, \u00e7ok fakt\u00f6rl\u00fc eri\u015fim, anahtar par\u00e7alar\u0131n\u0131n da\u011f\u0131t\u0131m\u0131, \u015fifreleme protokolleri ve g\u00fcvenli yedekleme \u015fartlar\u0131 yer al\u0131yor. Ayr\u0131ca, Kriterler esas olarak bu mekanizmalar\u0131n \u201ciptal edilemez kay\u0131t\u201d ve \u201cdenetlenebilir iz\u201d b\u0131rakacak \u015fekilde \u00e7al\u0131\u015ft\u0131r\u0131lmas\u0131 gerekti\u011fini belirtmektedir.<\/span><b>\u00a0<\/b><\/p>\n<p><b>4.3. \u0130\u015flem Onay\u0131 Prosed\u00fcrleri (Transfer Emirleri):<\/b><\/p>\n<p><span style=\"font-weight: 400;\">T\u00dcB\u0130TAK Kriterleri\u2019ne g\u00f6re herhangi bir kripto varl\u0131k transfer emri imzalanmadan \u00f6nce, sistemlerin baz\u0131 kriterleri sa\u011flamas\u0131 gerekmektedir. \u00d6ncelikle transfer emir sahibinin kimli\u011fi do\u011frulanm\u0131\u015f olmal\u0131 ve transfer emri platform politikalar\u0131na, onayl\u0131 adres listesine ve m\u00fc\u015fteri s\u00f6zle\u015fmesine uygun olmal\u0131d\u0131r. E\u011fer \u00e7oklu imzalama (multi-signature) ya da e\u015fik (threshold) imza mekanizmalar\u0131 kullan\u0131l\u0131yorsa, bunlara ili\u015fkin i\u015f etki analizi yap\u0131lmal\u0131, risk kontrolleri uygulanmal\u0131d\u0131r.\u00a0<\/span><\/p>\n<p><b>4.4. Eri\u015fim Kontrol\u00fc ve Kimlik Do\u011frulama: <\/b><span style=\"font-weight: 400;\">Her sistem bile\u015feni i\u00e7in eri\u015fim haklar\u0131 rol bazl\u0131 tan\u0131mlanmal\u0131, yetkili olmayan hesaplara eri\u015fim \u00f6nlenmelidir. Rehber, \u00f6zellikle y\u00fcksek ayr\u0131cal\u0131kl\u0131 (privileged) eri\u015fimlerde ek kimlik do\u011frulama seviyeleri ve oturum s\u0131n\u0131rland\u0131rmalar\u0131 \u00f6ne \u00e7\u0131kar\u0131r. Ayr\u0131ca, belirli kritik i\u015flemlerde kullan\u0131c\u0131n\u0131n yeniden kimlik do\u011frulamas\u0131 (re-authentication) istenmesi gerekir.\u00a0<\/span><\/p>\n<p><b>4.5. Denetim \u0130zleri (audit logs) ve \u0130zlenebilirlik: <\/b><span style=\"font-weight: 400;\">Sistemde ger\u00e7ekle\u015fen t\u00fcm i\u015flemler (kimin ne zaman giri\u015f yapt\u0131\u011f\u0131, hangi i\u015flem yapt\u0131\u011f\u0131, hangi parametrelerle, hangi sonu\u00e7la \u00e7\u0131kt\u0131\u011f\u0131 vs.) g\u00fcvenli bir bi\u00e7imde kay\u0131tlanmal\u0131; bu izler de\u011fi\u015ftirilmez olmal\u0131 ve denetime haz\u0131r hale getirilmelidir. Rehber, bu kay\u0131tlar\u0131n sistem i\u00e7i analiz ve d\u0131\u015f denetim s\u00fcre\u00e7leri i\u00e7in kullan\u0131labilece\u011fini \u00f6ng\u00f6r\u00fcr.\u00a0<\/span><\/p>\n<p><b>4.6. Sistem S\u00fcreklili\u011fi, Felaket Kurtarma ve Yedekleme: <\/b><span style=\"font-weight: 400;\">Platform kesintisiz \u00e7al\u0131\u015fmak zorundad\u0131r; ar\u0131za, sald\u0131r\u0131 veya afet durumlar\u0131 i\u00e7in i\u015f s\u00fcreklili\u011fi (business continuity) ve felaket kurtarma (disaster recovery) planlar\u0131n\u0131n olmas\u0131 \u015fartt\u0131r. Ayr\u0131ca, verilerin periyodik olarak yedeklenmesi, yedeklerin g\u00fcvenli ortamlarda saklanmas\u0131 ve beklenmedik durumlarda h\u0131zl\u0131 geri y\u00fcklenebilmesi gerekir. Rehber, yedeklenmi\u015f sistemlerin test edilmesini ve d\u00fczenli senaryolarla sim\u00fclasyonlar\u0131 \u00f6nerilir.\u00a0<\/span><\/p>\n<p><b>4.7. Koruma Profili ve G\u00fcvenlik Testleri: <\/b><span style=\"font-weight: 400;\">TUB\u0130TAK Kriterleri\u2019nde a\u00e7\u0131k\u00e7a ifade edilmektedir ki sistemin bile\u015fenleri (\u00f6zellikle c\u00fczdanlar, anahtar mod\u00fclleri) ulusal\/uluslararas\u0131 koruma profilleri (\u00f6rn. Ortak Kriterler, EAL seviye) baz\u0131nda test edilmeli; test raporlar\u0131 al\u0131nmal\u0131 ve belgelendirilmeli. \u00d6zellikle c\u00fczdan imzalama bile\u015fenleri ve anahtar saklama sistemleri test edilmi\u015f, sertifikal\u0131 donan\u0131m mod\u00fclleri kullanmal\u0131d\u0131r.\u00a0<\/span><\/p>\n<p><b>4.8. Da\u011f\u0131t\u0131k Defter Entegrasyonu &amp; Denetim Kontroll\u00fc Veri Ak\u0131\u015f\u0131: <\/b><span style=\"font-weight: 400;\">Platformlar\u0131n blokzincir a\u011f\u0131 ile etkile\u015fim kuracak sistem bile\u015fenleri, do\u011frulama s\u00fcre\u00e7leri, a\u011f ba\u011flant\u0131lar\u0131 ve veri ge\u00e7i\u015f mekanizmalar\u0131 g\u00fcvenlik kontrollerine tabi tutulmal\u0131d\u0131r. Rehber, transfer \u00fccret hesaplama, \u00e7atallanma tespiti ve i\u015flem do\u011frulama s\u00fcre\u00e7lerinin platform kontrol\u00fcnde y\u00fcr\u00fct\u00fclmesini \u00f6ng\u00f6rmektedir.\u00a0<\/span><\/p>\n<ol start=\"5\">\n<li><b> Sonu\u00e7<\/b><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">T\u00dcB\u0130TAK\u2019\u0131n yay\u0131mlad\u0131\u011f\u0131 Kriterler ile birlikte kripto varl\u0131k hizmet sa\u011flay\u0131c\u0131lar\u0131 i\u00e7in <\/span><b>g\u00fcvenlik, \u015feffafl\u0131k ve denetim<\/b><span style=\"font-weight: 400;\"> ekseninde g\u00fcvenlikte yeni bir d\u00f6nem ba\u015flad\u0131\u011f\u0131 net \u015fekilde g\u00f6r\u00fclmektedir.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Bu Kriterler, uluslararas\u0131 standartlarla uyumlu g\u00fcvenlik altyap\u0131s\u0131 kurmay\u0131 zorunlu hale getirmi\u015f, sekt\u00f6rdeki \u015firketlerin yaln\u0131zca finansal de\u011fil, ayn\u0131 zamanda teknolojik ve operasyonel a\u00e7\u0131dan da g\u00fc\u00e7l\u00fc bir yap\u0131ya sahip olmas\u0131n\u0131 \u015fart ko\u015fmu\u015ftur.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Bu yeni d\u00fczenlemeler do\u011frultusunda, kripto varl\u0131k hizmet sa\u011flay\u0131c\u0131lar\u0131n\u0131n hem SPK tebli\u011flerine hem de T\u00dcB\u0130TAK kriterlerine uyum sa\u011flayarak faaliyetlerini s\u00fcrd\u00fcrmeleri, sekt\u00f6rde g\u00fcvenilirlik ve s\u00fcrd\u00fcr\u00fclebilirlik a\u00e7\u0131s\u0131ndan kritik \u00f6nemdedir.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p>Avukat Ezginaz \u00c7al\u0131\u015f\u0131r<\/p><\/div>\n<p><!-- .vgblk-rw-wrapper --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Giri\u015f T\u00fcrkiye\u2019de uzun zamand\u0131r tart\u0131\u015f\u0131lan kripto varl\u0131k piyasas\u0131n\u0131n d\u00fczenleme s\u00fcreci, 2024 y\u0131l\u0131nda Sermaye Piyasas\u0131 Kanununda De\u011fi\u015fiklik Yap\u0131lmas\u0131na Dair Kanun (02.07.2024 tarihli ve 32590 say\u0131l\u0131 Resm\u00ee Gazete) ile Sermaye Piyasas\u0131 Kanunu\u2019nda yap\u0131lan detayl\u0131 de\u011fi\u015fiklikler ve yeni eklemeler ile ba\u015flam\u0131\u015ft\u0131. Sermaye Piyasas\u0131 Kanunu\u2019ndaki bu de\u011fi\u015fiklikler ile T\u00fcrkiye\u2019de faaliyet g\u00f6steren veya g\u00f6sterecek olan kripto varl\u0131k hizmet sa\u011flay\u0131c\u0131lar\u0131 6362&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[418],"tags":[],"class_list":["post-993711","post","type-post","status-publish","format-standard","hentry","category-bilgi-kaynaklari"],"_links":{"self":[{"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/posts\/993711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/comments?post=993711"}],"version-history":[{"count":1,"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/posts\/993711\/revisions"}],"predecessor-version":[{"id":993712,"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/posts\/993711\/revisions\/993712"}],"wp:attachment":[{"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/media?parent=993711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/categories?post=993711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cukurpartners.com\/tr\/wp-json\/wp\/v2\/tags?post=993711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}