CSCF Assessment Template For Mandatory Controls v2024 v1.0


713984384.xlsx - Read me first Tab Template Version: 2019

CSCF Assessment template instructions - Mandatory controls - Version 2024


PURPOSE

This template is provided for convenience; SWIFT recommends that independent assessors involved in assessing the implementation of the Customer Security Controls Framework (CSCF) controls for a SWIFT user use it to document the assessment results. This workbook provides guidelines that apply only to the CSCF v2024 mandatory controls; a separate file is available for assessing the CSCF advisory controls.

INSTRUCTIONS
1. Important note: User data contained within this assessment workbook is considered sensitive and must not be disclosed to any party without express written consent from the SWIFT user.

Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives). As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture.

2. The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section of each control in the CSCF should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

3. SWIFT highly recommends that users also include the CSCF advisory controls in the independent assessment; some of the advisory controls may become mandatory in the next version of the CSCF.

4. Begin the assessment process by thoroughly reviewing the Customer Security Controls Framework (CSCF), the assessment templates, and all other SWIFT-provided assessment guidance. Documentation is accessible through your swift.com user account (your company being registered with SWIFT), or is to be provided by the SWIFT user if your company is not registered and you do not have a swift.com user account.

Access the Attestation Support page

5. Reference the “User Data” tab and populate all applicable cells with the information requested. Note that all individual assessors involved in executing the end-to-end assessment process should be included in the “Assessor Name(s)” field. Additionally, names provided in the “Assessor Name(s)” field should be accompanied by the applicable professional certification(s) held by each individual assessor.

6. Depending on the architecture type of the community member in question, complete the following coloured tabs that represent the control data contained within the CSCF.
• Architecture A1 and A2: BLUE + GREEN + RED + YELLOW tabs
• Architecture A3: BLUE + GREEN + RED tabs
• Architecture A4: BLUE + GREEN tabs
• Architecture B: BLUE tabs

7. For each applicable tab defined above, review the control objective, in-scope components, risk drivers, control statement, and control context. Assessors should reference the full text of the CSCF document for a full listing of all control- and guideline-level details. This guidance applies to internal or external assessors assessing the existing/implemented controls and their suitability/effectiveness.

8. The assessment templates directly correlate to the CSCF and highlight which CSCF controls are applicable to the user’s architecture type. For each applicable control, the relevant template sets out the control objective, any underpinning key principle(s) and SWIFT’s guidance with respect to their implementation. By use of the template, the assessor can then confirm whether those that are applicable to the user are complied with, either via SWIFT’s implementation guidance or, for typically large or complex institutions, via an alternative implementation method. (Specifically, for CSCF control 1.1, the key principle 1.1.C2 may not be applicable.)
Finally, some CSCF controls, although relevant for the user’s SWIFT architecture type, may in rare cases not be applicable depending upon the user’s specific local infrastructure. In such cases, they should be assessed as 'Not Applicable'. An example of this would be Control 6.2 (Anti-Virus) which, whilst likely to be applicable in most environments, is not likely to be applicable in a Linux environment. Please refer to the KYC-SA baseline for the identification of such controls.

9. For each Implementation Guideline in the "Assessments Results" section, indicate whether or not the user has fulfilled the guideline statement using the appropriate drop-down list(s) available at the right side of the worksheet. Note that the only available responses are “yes”, “no”, and “N/A”. Responses marked “N/A” are not detrimental to the overall disposition of any control.

10. Support the above-mentioned finding by populating the corresponding cell(s) marked "<Observations & response justification - address all subordinate implementation details as documented in the CSCF>" for each guideline. As noted, assessors should address all subordinate details documented for each Implementation Guideline as provided in the CSCF.

11. For each guideline in the "Assessments Results" section, indicate whether or not the user has used an alternative implementation means to fulfil the control requirement(s) of said guideline. Use the appropriate drop-down list(s) available at the right side of the worksheet. Note that the use of alternative implementation means is not detrimental to the overall conclusion of the control.

12. For any control where alternative implementation means were used to fulfil the control requirement(s), provide a full explanation of the alternative means utilised in the corresponding cells marked "<Alternative guideline implementation approach and details>". Note that the worksheet will grey out these cells for any guidelines that have been addressed using the standard implementation method. Responses provided should be comprehensive and detail how all applicable risks are addressed by the user's custom implementation.

13. When the above steps have been completed, the worksheet will automatically mark the control as either "In Place" or "Not in Place" depending on the input provided by the assessor in the "Assessments Results" section. Do not attempt to manually alter any fields that are automatically populated (non-modifiable cells are password protected).

14. The workbook will automatically display a summary of the dispositions of all controls in the "Summary" tab.

The information herein is confidential and will not be disclosed to third parties without written permission. Template Copyright © S.W.I.F.T. SCRL, 2019
713984384.xlsx - User Data Tab Template Version: 2019

USER BACKGROUND DATA SHEET


Customer Name SHABELLE BANK
BIC SBEETAA
Architecture Type A3
Assessment Start Date 8/1/2023
Assessment End Date 12/10/2023
CSCF Version 2024
Assessor Firm ATLAS

713984384.xlsx - Summary Tab Template Version: 2019

MANDATORY CONTROLS SUMMARY


Control | Objective Title | Architecture Applicability (A3) | Implementation Means | Control Disposition
1.1 | SWIFT Environment Protection | X | TBD | In Place
1.2 | Operating System Privileged Account Control | X | TBD | TBD
1.3 | Virtualisation or Cloud Platform Protection | X | TBD | TBD
1.4 | Restriction of Internet Access | X | TBD | TBD
1.5 | Customer Environment Protection | | TBD | TBD
2.1 | Internal Data Flow Security | X | TBD | TBD
2.2 | Security Updates | X | TBD | TBD
2.3 | System Hardening | X | TBD | TBD
2.6 | Operator Session Confidentiality and Integrity | X | TBD | TBD
2.7 | Vulnerability Scanning | X | TBD | TBD
2.8 | Outsourced Critical Activity Protection | X | TBD | TBD
2.9 | Transaction Business Controls | X | TBD | TBD
2.10 | Application Hardening | X | TBD | TBD
3.1 | Physical Security | X | TBD | TBD
4.1 | Password Policy | X | TBD | TBD
4.2 | Multi-Factor Authentication | X | TBD | TBD
5.1 | Logical Access Control | X | TBD | TBD
5.2 | Token Management | X | TBD | TBD
5.4 | Physical and Logical Password Storage Protection | X | TBD | TBD
6.1 | Malware Protection | X | TBD | TBD
6.2 | Software Integrity | X | TBD | TBD
6.3 | Database Integrity | | #REF! | #REF!
7.1 | Cyber Incident Response Planning | X | TBD | TBD
7.2 | Security Training and Awareness | X | TBD | TBD

713984384.xlsx - 1.1 Tab Template Version: 2019

1.1 SWIFT ENVIRONMENT PROTECTION


CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure the protection of the user's Swift infrastructure from potentially compromised elements of the general IT environment and external environment.

IN-SCOPE COMPONENTS
• Messaging interface
• Communication interface
• GUI
• SwiftNet Link
• Hardware Security Module (HSM)
• Swift or customer connector
• Jump server
• Dedicated and general-purpose operator PCs

RISK DRIVERS
• Compromise of enterprise authentication system
• Compromise of user credentials
• Credential replay
• Exposure to internet-based attacks
• Unauthorized access

CONTROL STATEMENT
A separated secure zone safeguards the user's Swift infrastructure from compromises and attacks on the broader enterprise and external environments.

CONTROL CONTEXT
Segmentation between the user's Swift infrastructure and its larger enterprise network reduces the attack surface and has been shown to be an effective way to defend against cyber attacks that commonly involve compromise of the general enterprise IT environment. Effective segmentation will include network-level separation, access restrictions, and connectivity restrictions.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline

a) Overall design goals for implementing environment separation
Has the user adequately defined and documented design goals for implementing environment separation? Yes
The bank has a secure zone which is only dedicated for Swift infrastructure, which includes the AutoClient server and secure PCs dedicated for the use of messaging and communication portals only, and adequate security measures are taken for the safeguarding of the physical tokens. The secure zone is also separated from the bank's back-office CBS.
Has the user employed an alternative implementation approach? No
<Alternative guideline implementation approach and details>

b) Scope of the secure zone
Has the user adequately defined and implemented the scope for the secure zone? Yes
There are clear boundaries in the secure zone, which include the physical and networking boundaries.
Has the user employed an alternative implementation approach? No
<Alternative guideline implementation approach and details>

c) Protection of the secure zone - Boundary protection
Has the user adequately implemented boundary protections for the secure zone? Yes
The bank has set up firewalls on each of the dedicated PCs and the server, secure and strong passwords, proper intrusion detection and adequate physical security.
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>


d.1) Access to the secure zone systems - Local operator access
Has the user adequately controlled local operator (end user and administrator) access to the secure zone? Yes
The bank has physical separation of the roles and also uses RBAC and the least-privilege principle, plus logging and monitoring.
Has the user employed an alternative implementation approach? No
<Alternative guideline implementation approach and details>

d.2) Access to the secure zone systems - Remote operator access
Has the user adequately controlled remote operator (teleworker, "on-call" staff, remote administrator) access to the secure zone? N/A
The bank does not use remote access yet; all its operations are on the premises for the time being.
Has the user employed an alternative implementation approach? No
<Alternative guideline implementation approach and details>

e) Separation from general enterprise IT services
Has the user adequately separated the secure zone from general enterprise IT services? Yes
The bank has for now been using an on-premises infrastructure for Swift, while the other back-office systems like the CBS and other databases are stored at data centers.
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition In Place
Recommendations
<Recommendations for security enhancements / improvements>

1.2 OPERATING SYSTEM PRIVILEGED ACCOUNT CONTROL (Advisory for B)

CONTROL INFORMATION

IN-SCOPE COMPONENTS
Administrator-level accounts defined on the following components:
• Systems or virtual machines (VMs) hosting a Swift-related component (including interface, GUI, Swift or customer connector, jump server)
• Dedicated operator PCs
• Network devices protecting the secure zone
• On-premises or remote (that is, hosted and/or operated by a third party) virtualisation or cloud platform that hosts Swift-related VMs
• New HSM
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for and guardian of the secure data exchange between back-office and Swift-related components]
• [Advisory: General-purpose operator PC]

RISK DRIVERS
• Deletion of logs and forensic evidence
• Excess privilege or access
• Lack of traceability
• Unauthorized system changes
• HSM management misused

CONTROL STATEMENT
Access to administrator-level operating system accounts is restricted to the maximum extent possible. Usage is controlled, monitored, and only permitted for relevant activities such as software installation and configuration, maintenance, and emergency activities. At all other times, an account with least privilege access is used.

CONTROL CONTEXT
Tightly protecting administrator-level accounts within the operating system reduces the opportunity for an attacker to use the privileges of the account as part of an attack (for example, executing commands, deleting evidence).

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline
Has the user adequately restricted and controlled the allocation and usage of administrator-level operating system accounts?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition TBD
Recommendations
<Recommendations for security enhancements / improvements>
1.3 VIRTUALISATION OR CLOUD PLATFORM PROTECTION

CONTROL INFORMATION
CONTROL OBJECTIVE
Secure the virtualisation or cloud platform and virtual machines (VMs) that host Swift-related components to the same level as physical systems.

IN-SCOPE COMPONENTS
On-premises or remote (that is, hosted or operated by a third party, such as a cloud provider, or both) virtualisation or cloud platform and VMs used to host any of the below Swift-related components:
• Messaging interface
• Communication interface
• GUI
• SwiftNet Link
• Swift and customer connector
• Jump server
• Dedicated and general-purpose operator PCs
• Firewalls
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for and guardian of the secure data exchange between back-office and Swift-related components]
• Alliance Connect Virtual VPN instance

Note: This requirement is not applicable when there is no on-premises and remote virtualisation or cloud platform and no VMs used to host the referred Swift-related components.
Note: It is reminded that containerised applications have to be considered as co-hosted on the same system that hosts the container itself.

RISK DRIVERS
• Unauthorised access
• Uncontrolled proliferation of systems and data

CONTROL STATEMENT
Secure the virtualisation or cloud platform, virtualised machines and supporting virtual infrastructure (such as firewalls) to the same level as physical systems.

CONTROL CONTEXT
Security controls that apply to non-virtualised (physical) systems are equally applicable to virtual systems. The additional virtualisation layer needs extra attention from a security perspective. The uncontrolled proliferation of VMs could lead to unaccounted machines, with the risk of unmanaged, unpatched systems open to unauthorised access to data.
If appropriate controls have been implemented on this underlying layer, then Swift does not limit the use of virtual technology for any component of the user's Swift infrastructure or the associated supporting infrastructure (for example, virtual firewalls).

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline
Has the user adequately secured virtualisation platforms and virtual machines (VMs) hosting Swift-related components to the same level as physical systems?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition TBD
Recommendations
<Recommendations for security enhancements / improvements>
1.4 RESTRICTION OF INTERNET ACCESS

CONTROL INFORMATION
CONTROL OBJECTIVE
Control/Protect Internet access from operator PCs and systems within the secure zone.

IN-SCOPE COMPONENTS
• Dedicated and general-purpose operator PCs
• Jump server
• Messaging interface
• Communication interface
• GUI
• SwiftNet Link
• Swift and customer connector
• New HSM
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for and guardian of the secure data exchange between back-office and Swift-related components]
• [Advisory: on-premises or remote (that is, hosted and/or operated by a third party) virtualisation or cloud platform and their management PCs]

RISK DRIVERS
• Exposure to internet-based attacks

CONTROL STATEMENT
All general-purpose and dedicated operator PCs as well as systems within the secure zone have controlled direct internet access in line with business needs.

CONTROL CONTEXT
Direct access to the Internet raises exposure to internet-based attacks. Risk is even higher in case of human interactions (browsing, e-mails, or other social network activities being permitted). Once compromised, those systems can be an entry point that allows lateral movements or injection of command and control elements (or a combination of both).
If reducing the attack surface and vulnerabilities of those systems (as per the relevant controls identified in this document) is primordial, then limiting and controlling direct Internet accesses is crucial.
On top of (general) operator PCs that connect to Swift-related services or applications offered by outsourcing agents or service providers (such as Swift in the case of Alliance Lite2 or Alliance Cloud, a Service Bureau, a Business Connect or an L2BA provider), due diligence must be taken to secure (general) operator PCs used to access on-premises interfaces or GUIs. Insecurely combining access to the “production environment” and the Internet could be abused by attackers.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline
Has the user adequately restricted internet access from the secure zone and from general-purpose operator PCs (and from other components like middleware servers or the virtualisation platform - Advisory) in line with the business needs?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>


ore, in the case that some
operly assess the overall
TBD
1.5 CUSTOMER ENVIRONMENT PROTECTION
CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure the protection of the customer’s connectivity infrastructure from external environment and potentially compromised elements of the general IT environment.

IN-SCOPE COMPONENTS
• Customer connector
• Dedicated and general-purpose operator PCs
• Jump server
• HSM when used with customer connector

RISK DRIVERS
• Compromise of enterprise authentication system
• Compromise of user credentials
• Credential replay
• Exposure to internet-based attacks
• Unauthorised access

CONTROL STATEMENT
A separated secure zone safeguards the customer's infrastructure used for external connectivity from external environments and compromises or attacks on the broader enterprise environment.

CONTROL CONTEXT
Segmentation between the customer's connectivity infrastructure and its larger enterprise network reduces the attack surface and has been shown to be an effective way to defend against cyber attacks that commonly involve compromise of the general enterprise IT environment. Effective segmentation will include network-level separation, access restrictions, and connectivity restrictions.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline a) Overall design goals for implementing environment separation
Has the user adequately defined and documented design goals for implementing environment separation?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline b) Scope of the secure zone
Has the user adequately defined and implemented the scope for the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline c) Protection of the secure zone - Boundary protection
Has the user adequately implemented boundary protections for the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline d.1) Access to the secure zone systems - Local operator (end user and administrator) access
Has the user adequately controlled local operator (end user and administrator) access to the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline d.2) Access to the secure zone systems - Remote operator access
Has the user adequately controlled remote operator (teleworker, "on-call" staff, remote administrator) access to the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline e) Separation from general enterprise IT services
Has the user adequately separated the secure zone from general enterprise IT services?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.1 INTERNAL DATA FLOW SECURITY
CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure the confidentiality, integrity, and authenticity of application data flows between the user's Swift-related components.

IN-SCOPE COMPONENTS
• On-premises or remote (hosted and/or operated by a third party, or both) user's Swift infrastructure and related components (including new HSM)

RISK DRIVERS
• Loss of sensitive data confidentiality
• Loss of sensitive data integrity
• Unauthenticated system traffic
• Unauthorised access

CONTROL STATEMENT
Confidentiality, integrity, and authentication mechanisms are implemented to protect Swift-related component-to-component or system-to-system data flows.

CONTROL CONTEXT
The protection of internal data flows safeguards against unintended disclosure, modification, and access of the data while in transit.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user ensured the confidentiality, integrity, and authenticity of data flows between local Swift-related applications?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.2 SECURITY UPDATES
CONTROL INFORMATION

CONTROL OBJECTIVE
Minimise the occurrence of known technical vulnerabilities on operator PCs and within the user's Swift infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk.

IN-SCOPE COMPONENTS
Hardware and all software running on the following systems, virtual machines, hosts, servers or devices:
• Physical systems or virtual machines (VMs) hosting a Swift-related component (including interface, GUI, Swift or customer connector)
• Dedicated and general-purpose operator PC
• Jump server
• On-premises or remote (that is hosted and/or operated by a third party) virtualisation or cloud platform hosting Swift-related VMs and their management PCs
• Network devices protecting the secure zone
• New HSM
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for and guardian of the secure data exchange between back-office and Swift-related components]

RISK DRIVERS
• Exploitation of known security vulnerabilities

CONTROL STATEMENT
All hardware and software inside the secure zone and on operator PCs are within the support lifecycle of the vendor, have been upgraded with mandatory software updates, and have had security updates promptly applied.

CONTROL CONTEXT
The closure of known security vulnerabilities is effective in reducing the various pathways that an attacker may use during an attack. A security update process that is comprehensive, repeatable and implemented in a timely manner is necessary to continuously close these known vulnerabilities when security patches are available.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user minimised the occurrence of known technical vulnerabilities within the local Swift infrastructure by ensuring vendor support, applying mandatory software updates, and applying timely security updates aligned to the assessed risk?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.3 SYSTEM HARDENING
CONTROL INFORMATION

CONTROL OBJECTIVE
Reduce the cyber attack surface of Swift-related components by performing system hardening.

IN-SCOPE COMPONENTS
• Dedicated and general-purpose operator PC
• Jump server
• Systems (physical or VMs) hosting a Swift-related component (including interface, GUI, Swift or customer connector)
• On-premises or remote (that is hosted and/or operated by a third party) virtualisation or cloud platform (also referred to as the hypervisor) hosting Swift-related VMs and their management PCs
• Network devices protecting the secure zone
• [Advisory: bridging servers (such as middleware servers other than customer connectors) used for data exchange between back-office and Swift-related components]

RISK DRIVERS
• Excess attack surface
• Exploitation of insecure system configuration

CONTROL STATEMENT
Security hardening is conducted on all in-scope components.

CONTROL CONTEXT
System hardening applies the security concept of “least privilege” to a system by disabling features and services that are not required for normal system operations. This process reduces the system capabilities, features, and protocols that a malicious person may use during an attack.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user reduced the cyber attack surface of Swift-related components by performing system hardening?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.6 OPERATOR SESSION CONFIDENTIALITY AND INTEGRITY
CONTROL INFORMATION

CONTROL OBJECTIVE
Protect the confidentiality and integrity of interactive operator sessions that connect to the on-premises or remote (operated by a service provider or outsourcing agent) Swift infrastructure or to a service provider or outsourcing agent Swift-related applications.

IN-SCOPE COMPONENTS
Interactive user, operator or management sessions performed from:
• Dedicated and general-purpose operator PC
• Jump server
• Any other intermediate system accessed or used from any of the above to connect to:
• Jump server or any other intermediate system accessed or used from any of the above
• Systems hosting a Swift-related component (including interface, GUI, Swift and customer connectors)
• Network devices protecting the secure zone
• Management console of a virtualisation or cloud platform hosting Swift-related components (including Swift and customer connector)
• Interface applications, GUI and Swift or customer connector in the secure zone
• Applications at the service provider or outsourcing agent
• HSM
• [Advisory: bridging servers (such as middleware servers other than customer connectors) used for and guardian of the secure data exchange between back-office and Swift-related components]

RISK DRIVERS
• Loss of operational confidentiality
• Loss of operational integrity
• Password theft

CONTROL STATEMENT
The confidentiality and integrity of interactive operator sessions that connect to service provider or outsourcing agent Swift-related applications or into the user's secure zone is safeguarded.

CONTROL CONTEXT
Operator sessions, through the jump server when accessing the on-premises or remote (that is hosted or operated by a third party, or both) Swift infrastructure, pose a unique threat because unusual or unexpected activity is more difficult to detect during interactive sessions than it is during application-to-application activity. Therefore, it is important to protect the integrity and confidentiality of these operator sessions to reduce any opportunity for misuse or password theft. When used, access to the virtualisation layer (virtualisation or cloud management console) must be similarly protected.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user adequately protected the confidentiality and integrity of interactive operator sessions connecting to the local Swift infrastructure?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.7 (Advisory for B)
VULNERABILITY SCANNING
CONTROL INFORMATION
CONTROL OBJECTIVE
Identify known vulnerabilities within the user's Swift environment by implementing a regular vulnerability scanning process and act upon results.

IN-SCOPE COMPONENTS
• Jump server
• Dedicated operator PC
• All systems hosting a Swift-related component (including interface, GUI, Swift and customer connectors)
• [Advisory: on-premises or remote (that is hosted and/or operated by a third party) virtualisation or cloud platform hosting Swift-related VMs and their management PCs as per optional enhancement]
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connector) used for data exchange between back-office and Swift-related components]
• [Advisory: general-purpose operator PCs as per the optional enhancement]

RISK DRIVERS
• Exploitation of known security vulnerabilities
• Unknown security vulnerabilities or security misconfigurations

CONTROL STATEMENT
Secure zone systems, including dedicated operator PCs, are scanned for vulnerabilities using an up-to-date, reputable scanning tool, and the results are considered for appropriate resolving actions.

CONTROL CONTEXT
The detection of known vulnerabilities allows vulnerabilities to be analysed, treated, and mitigated. The mitigation of vulnerabilities reduces the number of pathways that a malicious actor can use during an attack. A vulnerability scanning process which is effective, repeatable and implemented in a timely manner is necessary to continuously detect known vulnerabilities and to allow for further action.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user identified known vulnerabilities within the local Swift environment by implementing a regular vulnerability scanning process and acted upon results?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Recommendations
<Recommendations for security enhancements / improvements>
Overall Control Disposition
TBD
2.8
OUTSOURCED CRITICAL ACTIVITY PROTECTION
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure protection, in line with the CSCF, of the user's Swift infrastructure from risks exposed by the outsourcing of critical activities.

IN-SCOPE COMPONENTS
• This organisational control is applicable when critical Swift-related activities are outsourced to a third party or a service provider.
Note: This control remains strongly recommended even when the activities being outsourced are not critical.
• As per the “Scope of Security Controls” section, the ‘user’s Swift infrastructure’ encompasses the collection of, on-premises or remote (that is hosted or operated by a third party, or both), Swift components managed by or for users by a third party, including applications, network devices, tokens and other removable media, and supporting hardware.

Note:
• Users that engage with third parties (for example, an external IT provider, a cloud provider or an outsourcing agent) or service providers (such as a service bureau, a Business Connect or a Lite2 for Business Application provider) to host or operate in full or in part the user’s Swift infrastructure must:
− attest for their comprehensive architecture type (as if it was operated on premises) and therefore,
− obtain reasonable comfort from such third parties or service providers that the outsourced activities are protected, at a minimum, to the same standard of care as if operated within the originating organisation and in line with the CSCF security controls. Such third parties and service providers are allowed to rely on their compliance programme, which usually builds on maintained certification(s) or assurance, and to map these with the CSCF controls when providing comfort to the users they serve.

RISK DRIVERS
• Exposure to sub-standard security practices

CONTROL STATEMENT
Critical outsourced activities are protected, at a minimum, to the same standard of care as if operated within the originating organisation.

CONTROL CONTEXT
When critical activities are outsourced to third parties (for example, an external IT provider, a cloud provider or an outsourcing agent) or service providers (a service bureau, a Business Connect or a Lite2 for Business Application provider), it is essential that, at a minimum, the original standard of care for security is maintained (in addition to adherence to this customer security control framework) to ensure that no new weaknesses or vulnerabilities are introduced.

Note:
• Swift defines the following activities, related to the user’s Swift infrastructure, at a minimum, as critical:
− security management and change management of the hardware, including HSM, and software (including applications, operating system, and underlying virtualised platform or infrastructure) supporting the user’s Swift infrastructure
− RMA and Business Transaction controls-related operations (in support of controls 2.9 and 2.11)
− accessing sensitive user data (for example, message content) processed by the user’s Swift infrastructure
− monitoring of events generated by the user’s Swift infrastructure that contain sensitive user data
− network management and configuration of the user’s Swift infrastructure
− Swift-related transaction operations (for example, creation or modification of a financial transaction message within the messaging interface or a connector)
− security administration of the users' entitlements, their tokens or (private) keys needed to perform Swift-related transaction operations
− ancillary services operations when sharing/reusing, for those ancillary services, credentials and roles/entitlements (accounts) used for Swift-related transaction operations. Otherwise, such separated/independent ancillary services accesses are not to be considered as in scope.
• External contractors are not always considered as third-party resources:
− if those external contractors are members of the institution task force as contributors, then they are considered user’s employees
− however, if external contractors manage or operate user’s components remotely from their company location or equipment, as part of a managed service contractual agreement, they are considered as third-party resources.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user adequately ensured the protection of local Swift infrastructure from risks exposed by the outsourcing of critical activities?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Recommendations
<Recommendations for security enhancements / improvements>
Overall Control Disposition
TBD
2.9
TRANSACTION BUSINESS CONTROLS
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure outbound transaction activity within the expected bounds of normal business.

IN-SCOPE COMPONENTS
• GUI
• Messaging interface
• Communication interface
• Swift and customer connector

Note: Components are mentioned as the vector for outbound transaction business, not necessarily where the controls are performed (these controls can be business controls performed outside of the secure zone). Transaction activity refers to payment instructions. Reliance on other relevant recent (business) assessment, audit or regulator answers to confirm the effectiveness of the control is an option.

RISK DRIVERS
• Undetected anomalies or suspicious activity

CONTROL STATEMENT
Implement transaction detection, prevention or validation controls, or a combination of them, to ensure outbound transaction activity within the expected bounds of normal business.

CONTROL CONTEXT
Implementing business controls that restrict Swift transactions to the fullest extent possible reduces the opportunity for the sending (outbound) and, optionally, receiving (inbound) of fraudulent transactions. These restrictions are best determined through an analysis of normal business activity. Parameters can then be set to restrict business to acceptable thresholds based on “normal” activity.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user restricted transaction activity within the expected bounds of normal business by at least one detective and/or preventive control(s)?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Recommendations
<Recommendations for security enhancements / improvements>
Overall Control Disposition
TBD
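The threshold-based approach described in the 2.9 control context (analyse normal business activity, then set parameters that restrict outbound transactions to acceptable bounds), shown as an added Python illustration. This is not part of the SWIFT template and is not SWIFT's or any interface vendor's code; the field names, the ceiling formulas, the business-hours window and every sample instruction are assumptions constructed for the example.

```python
"""Threshold-based outbound transaction controls (illustration of CSCF control 2.9).

Added example, not part of the SWIFT template: a baseline of "normal" activity is
derived from a constructed history of payment instructions, and new outbound
instructions are then checked against it. All names, thresholds and data are assumed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, time
from statistics import mean, pstdev


@dataclass(frozen=True)
class Instruction:
    ref: str            # constructed transaction reference
    sent_at: datetime   # when the instruction was created in the interface
    currency: str
    amount: float
    beneficiary: str    # counterparty identifier (constructed)


@dataclass(frozen=True)
class Baseline:
    currencies: frozenset          # currencies seen in normal business
    known_beneficiaries: frozenset
    amount_ceiling: float          # mean + 3 * population stdev of past amounts
    daily_total_ceiling: float     # 1.5 * highest historical daily outbound total
    business_hours: tuple          # (start, end) times in which instructions are expected


def build_baseline(history, hours=(time(8, 0), time(18, 0))):
    """Derive threshold parameters from an analysis of past (normal) activity."""
    amounts = [i.amount for i in history]
    daily = defaultdict(float)
    for i in history:
        daily[i.sent_at.date()] += i.amount
    return Baseline(
        currencies=frozenset(i.currency for i in history),
        known_beneficiaries=frozenset(i.beneficiary for i in history),
        amount_ceiling=mean(amounts) + 3 * pstdev(amounts),
        daily_total_ceiling=1.5 * max(daily.values()),
        business_hours=hours,
    )


def evaluate(instr, baseline, released_today):
    """Return (decision, findings); decision is "release", "hold" or "block".

    "block" and "hold" are the preventive outcomes; every finding is also a
    detective signal a reviewer sees, whatever the decision.
    """
    findings, decision = [], "release"

    def escalate(to):                      # block always wins; hold only lifts a release
        nonlocal decision
        if to == "block" or decision == "release":
            decision = to

    if instr.currency not in baseline.currencies:
        findings.append("currency never used in normal business")
        escalate("block")
    if instr.beneficiary not in baseline.known_beneficiaries:
        findings.append("first payment to this beneficiary")
        escalate("hold")
    if instr.amount > baseline.amount_ceiling:
        findings.append(f"amount {instr.amount:.2f} exceeds ceiling {baseline.amount_ceiling:.2f}")
        escalate("hold")
    if released_today + instr.amount > baseline.daily_total_ceiling:
        findings.append("daily outbound total would exceed ceiling")
        escalate("hold")
    start, end = baseline.business_hours
    if instr.sent_at.weekday() >= 5 or not start <= instr.sent_at.time() <= end:
        findings.append("created outside business hours")   # detective only
    return decision, findings


def run_controls(baseline, instructions):
    """Evaluate instructions in order; only released amounts count toward the daily total."""
    released_today, results = 0.0, {}
    for instr in instructions:
        decision, findings = evaluate(instr, baseline, released_today)
        if decision == "release":
            released_today += instr.amount
        results[instr.ref] = (decision, findings)
    return results


# Constructed history: one week of EUR payments to two known counterparties.
HISTORY = [
    Instruction("H1", datetime(2024, 3, 4, 9, 30), "EUR", 10000.0, "BENEF-A"),
    Instruction("H2", datetime(2024, 3, 4, 14, 0), "EUR", 12000.0, "BENEF-B"),
    Instruction("H3", datetime(2024, 3, 5, 10, 15), "EUR", 9000.0, "BENEF-A"),
    Instruction("H4", datetime(2024, 3, 6, 11, 0), "EUR", 11000.0, "BENEF-B"),
    Instruction("H5", datetime(2024, 3, 7, 15, 30), "EUR", 10500.0, "BENEF-A"),
    Instruction("H6", datetime(2024, 3, 8, 9, 0), "EUR", 9500.0, "BENEF-B"),
]
# Constructed new outbound instructions for Monday 11 March 2024.
NEW_INSTRUCTIONS = [
    Instruction("TX-1001", datetime(2024, 3, 11, 10, 0), "EUR", 9800.0, "BENEF-A"),
    Instruction("TX-1002", datetime(2024, 3, 11, 11, 30), "EUR", 48000.0, "BENEF-A"),
    Instruction("TX-1003", datetime(2024, 3, 11, 22, 15), "USD", 5000.0, "BENEF-Z"),
]

if __name__ == "__main__":
    for ref, outcome in run_controls(build_baseline(HISTORY), NEW_INSTRUCTIONS).items():
        print(ref, *outcome)
```

On the constructed data the first instruction is released, the second is held (amount and daily-total ceilings) and the third is blocked (unknown currency, with new-beneficiary and out-of-hours findings recorded alongside). An assessor would look for this separation between the detective signal (findings that someone reviews) and the preventive decision, and for the baseline being recalculated from recent activity rather than fixed once.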
2.10
APPLICATION HARDENING
CONTROL INFORMATION
CONTROL OBJECTIVE
Reduce the attack surface of Swift-related components by performing application hardening on the Swift-compatible messaging and communication interfaces, the Swift connector and related applications.

IN-SCOPE COMPONENTS
• Messaging interface
• Communication interface
• GUI
• SwiftNet Link
• Swift connector

RISK DRIVERS
• Excess attack surface
• Exploitation of insecure application configuration

CONTROL STATEMENT
All messaging interface and communication interface products within the Swift secure zone are Swift compatible. Application security hardening is conducted and maintained on all in-scope components.

CONTROL CONTEXT
Application hardening applies the security concept of “least privilege” to an application by disabling features and services that are not required for normal operations. This process reduces the application capabilities, features, and protocols that may be used during an attack. The process also makes sure that potential default credentials are changed.
In addition, Swift runs a Compatible Interface Programme to make sure interfaces are aligned with current practices and to give the customer additional assurance, guarantees, and better visibility regarding individual product capabilities. Upon the successful validation of the test results by the Swift Test Authority, the interface is published in the Compatible Register. As per the Swift General Terms and Conditions, customers must use a Swift-compatible interface.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user adequately reduced the attack surface of Swift-related components by performing application hardening on the Swift-certified messaging and communication interfaces and related applications?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Recommendations
<Recommendations for security enhancements / improvements>
Overall Control Disposition
TBD
3.1
PHYSICAL SECURITY
CONTROL INFORMATION
CONTROL OBJECTIVE
Prevent unauthorized physical access to sensitive equipment, workplace environments, hosting sites, and storage.

IN-SCOPE COMPONENTS
• Dedicated and general-purpose operator PC including removable equipment
• Jump server
• On-premises or remote (hosted or operated by a third party, or both) hardware, including HSM, hosting a Swift-related component (including interface, GUI, Swift and customer connectors)
• On-premises or remote (hosted or operated by a third party, or both) hardware supporting virtualisation or cloud platform and hosting Swift-related VMs
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for and guardian of the secure data exchange between back-office and Swift-related components]
• Alliance Connect SRX VPN boxes and Alliance Connect Virtual VPN instances
Note: Alliance Connect SRX VPN boxes and Alliance Connect Virtual VPN instances (hosting systems or machines) must also be in an environment with appropriate physical controls as described below.

RISK DRIVERS
• Lack of traceability
• Unauthorized physical access

CONTROL STATEMENT
Physical security controls are in place to protect access to sensitive equipment, hosting sites, and storage.

CONTROL CONTEXT
Implementing physical security controls protects against insider and external threats, and reduces opportunistic attacks enabled by access to physical systems.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user prevented unauthorized physical access to sensitive equipment, workplace environments, hosting sites, and storage?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Recommendations
<Recommendations for security enhancements / improvements>
Overall Control Disposition


tails as documented in the CSCF>

Summary

Recommendations
YSICAL SECURITY

method used (be it the

he documented in-scope

guidelines can be a good


ore, in the case that some
operly assess the overall
TBD
4.1
PASSWORD POLICY
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy.

IN-SCOPE COMPONENTS
Passwords defined on the following components:
• dedicated and general-purpose operator PCs and when used jump server
• jump server
• Swift-related components (including interfaces, GUI, Swift and customer connectors, new HSM)
• systems hosting Swift-related components
• network devices protecting the secure zone
• on-premises or remote (hosted and/or operated by a third party) virtualisation or cloud platform hosting Swift-related VMs and their management PCs
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for and guardian of the data exchange between back-office and Swift-related components]
• personal tokens and personal mobile devices used as possession factor for multi-factor authentication (considered as software tokens) (see control 4.2)

CONTROL STATEMENT
All application and operating system accounts enforce passwords with appropriate parameters such as length, complexity, validity, and the number of failed log-in attempts. Similarly, personal tokens and mobile devices enforce passwords or Personal Identification Number (PIN) with appropriate parameters.

CONTROL CONTEXT
Implementing a password policy that protects against common password attacks (for example, guessing and brute force) is effective for protecting against account compromise. Attackers often use the privileges of a compromised account to move laterally within an environment and progress the attack. Another risk is the compromise of local authentication keys to tamper with the integrity of transactions.

It is however important to recognise that passwords alone are generally not sufficient in the current cyber threat landscape. Users should consider this control in close relationship with the multi-factor authentication requirement.

RISK DRIVERS
• Password cracking, guessing, or other computational compromise

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user ensured passwords are sufficiently resistant against common password attacks by implementing and enforcing an effective password policy?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
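The control statement above names four parameter families (length, complexity, validity, number of failed log-in attempts). The following is an added example, not part of the CSCF template or of any Swift product, showing how those four rules translate into enforcement logic that an assessor can compare a real configuration against. The thresholds (12 characters, 3 character classes, 90 days, 5 attempts, 30-minute lockout) and the timestamps are illustrative assumptions, not values prescribed by the CSCF.

```python
# Added example (not part of the CSCF template or of any Swift product):
# a minimal policy enforcer covering the four parameter families that
# control 4.1 names: length, complexity, validity and failed log-in attempts.
# Thresholds below are illustrative assumptions, not CSCF-prescribed values.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12
    min_char_classes: int = 3   # out of: lower, upper, digit, symbol
    max_age_days: int = 90      # validity: rotation is forced after this
    max_failed_attempts: int = 5
    lockout_minutes: int = 30


def char_classes(password: str) -> int:
    """Count the distinct character classes present in the password."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(1 for test in tests if any(test(c) for c in password))


def validate_new_password(policy: PasswordPolicy, password: str) -> List[str]:
    """Return the list of policy violations; an empty list means compliant."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"length {len(password)} < {policy.min_length}")
    if char_classes(password) < policy.min_char_classes:
        problems.append(f"fewer than {policy.min_char_classes} character classes")
    return problems


def password_expired(policy: PasswordPolicy, set_at: datetime, now: datetime) -> bool:
    """Validity check: True once the password is older than max_age_days."""
    return now - set_at > timedelta(days=policy.max_age_days)


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: Optional[datetime] = None


def record_login_attempt(policy: PasswordPolicy, state: AccountState,
                         credential_ok: bool, now: datetime) -> bool:
    """Apply the failed-attempt rule. Returns True only when the log-in is
    allowed: a correct credential presented while the account is locked is
    still refused, which is what blunts online guessing."""
    if state.locked_until is not None and now < state.locked_until:
        return False
    if credential_ok:
        state.failed_attempts = 0
        state.locked_until = None
        return True
    state.failed_attempts += 1
    if state.failed_attempts >= policy.max_failed_attempts:
        state.locked_until = now + timedelta(minutes=policy.lockout_minutes)
    return False


def validity_demo(policy: PasswordPolicy = PasswordPolicy()) -> List[bool]:
    """Constructed dates: a password set on 1 Jan checked at 60 and 152 days."""
    set_at = datetime(2024, 1, 1)
    return [password_expired(policy, set_at, datetime(2024, 3, 1)),
            password_expired(policy, set_at, datetime(2024, 6, 1))]


def lockout_demo(policy: PasswordPolicy = PasswordPolicy()) -> List[bool]:
    """Five wrong guesses, then the right credential during and after lockout."""
    state = AccountState()
    t0 = datetime(2024, 1, 1, 9, 0, 0)   # constructed timestamp
    results = [record_login_attempt(policy, state, False, t0 + timedelta(seconds=i))
               for i in range(policy.max_failed_attempts)]
    results.append(record_login_attempt(policy, state, True, t0 + timedelta(minutes=1)))
    results.append(record_login_attempt(policy, state, True, t0 + timedelta(minutes=31)))
    return results
```

The point an assessor should take from `lockout_demo` is the sixth result: once the threshold is reached, even the correct password is refused until the lockout expires, so the parameter is only effective if the lock is enforced on the authentication path itself and not merely logged.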
4.2
MULTI-FACTOR AUTHENTICATION
CONTROL INFORMATION
CONTROL OBJECTIVE
Prevent that a compromise of a single authentication factor allows access into Swift-related systems or applications by implementing multi-factor authentication.

IN-SCOPE COMPONENTS
• Dedicated operator PC log-in
• Access to jump server and to new HSM
• Login process to the messaging interface (including a related hosted database), communication interface, Swift and customer connector (including a related hosted database) or a service provider or outsourcing agent Swift-related application
• Login process to (operating) systems hosting the messaging interface (including a hosted database), Swift and customer connector (including a related hosted database) and communication interface or a service provider or outsourcing agent Swift-related application
• Access to the remote Swift infrastructure (hosted and/or operated by a third party)

CONTROL STATEMENT
Multi-factor authentication is used for interactive user access to Swift-related components or applications and operating system accounts.

CONTROL CONTEXT
Multi-factor authentication requires the presentation of two or more of the below mentioned common authentication factors:
• Knowledge factor (something the operator knows), typically, a password.
• Possession factor (something the operator has), for example: connected USB tokens or smart cards, or disconnected tokens such as a (time based) one-time password (T)OTP generator or application storing a cryptographic private key that runs on another device like operator’s mobile phone considered as a software token, RSA token, 3-Skey Digital and its mobile version considered as a software token, or Digipass.
• Inherence factor (something the operator is), typically, biometrics such as fingerprint, retina scans or voice recognition.

Implementing multi-factor authentication provides an additional layer of protection against common authentication attacks (for example, shoulder surfing, password re-use, or weak passwords) and provides further protection from account compromise for malicious transaction processing. Attackers often use the privileges of a compromised account to move laterally within an environment and progress an attack.

RISK DRIVERS
• Credential replay
• Password cracking, guessing, or other computational compromise
• Password theft

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user prevented that a compromise of a single authentication factor allows access into Swift systems, by implementing multi-factor authentication?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
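The control context lists a "(time based) one-time password (T)OTP generator" as one possession factor and names credential replay as a risk driver. The following is an added example, not part of the CSCF template or of any Swift product, that implements TOTP as specified in RFC 6238 (HOTP from RFC 4226 with a time-derived counter) and combines it with a knowledge factor, so the reader can see what "compromise of a single factor" does and does not buy. The user record, salt and PBKDF2 parameters are constructed assumptions; the TOTP seed is the RFC 6238 test-vector secret so the generated codes can be checked against the RFC.

```python
# Added example (not part of the CSCF template or of any Swift product):
# the possession factor of control 4.2 implemented as a time-based one-time
# password (TOTP, RFC 6238 over HOTP, RFC 4226), combined with a knowledge
# factor. The user store, salt and time values below are constructed.
import hashlib
import hmac
import struct
from typing import Dict, Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(secret, unix_time // step, digits)


def matching_step(secret: bytes, candidate: str, unix_time: int,
                  window: int = 1, step: int = 30) -> Optional[int]:
    """Return the time step the candidate matches within +/- window steps
    (clock-drift tolerance), or None. Comparison is constant-time."""
    current = unix_time // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, current + delta), candidate):
            return current + delta
    return None


def hash_password(password: str, salt: bytes) -> bytes:
    """Knowledge factor stored as a salted PBKDF2 hash, never in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record: password hash plus the TOTP seed. The seed is the
# RFC 6238 test-vector secret so the codes below can be verified against the RFC.
SALT = b"constructed-salt"
USERS: Dict[str, dict] = {
    "operator1": {
        "pw_hash": hash_password("Correct-Horse-Battery-9", SALT),
        "totp_secret": b"12345678901234567890",
        "last_step": -1,   # highest TOTP step already accepted (replay guard)
    }
}


def authenticate(username: str, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass. A code matching a step that was already
    accepted is rejected, so a captured code cannot be replayed inside the
    drift window even by someone who also knows the password."""
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(password, SALT), user["pw_hash"])
    step = matching_step(user["totp_secret"], code, unix_time)
    if not pw_ok or step is None or step <= user["last_step"]:
        return False
    user["last_step"] = step
    return True
```

Two properties matter for the assessment question: a correct password with a wrong or reused code is refused, and the code itself is derived from a secret that never leaves the token, which is what makes it a separate factor rather than a second password.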
5.1
LOGICAL ACCESS CONTROL
CONTROL INFORMATION
CONTROL OBJECTIVE
Enforce the security principles of need-to-know access, least privilege, and separation of duties for operator accounts.

IN-SCOPE COMPONENTS
User, operator or management accounts defined on the following components:
• on-premises or remote virtualisation or cloud platform and their management PCs, hosting Swift-related VMs and, on those VMs themselves
• jump server
• dedicated operator PCs
• operating systems hosting interfaces, GUI, Swift and customer connectors, service provider or outsourcing agent Swift-related applications
• interfaces, GUI, connectors or service provider or outsourcing agent Swift-related applications
• HSM
• network devices protecting the secure zone
• SwiftNet Online Operations Manager (O2M) on Swift.com
• [Advisory: all operator accounts on the bridging servers (such as middleware or file transfer servers other than customer connectors) used for and guardian of the data exchange between back-office and Swift-related components]

Note: Sharing/reusing credentials and roles/entitlements (accounts) for business transactions on other systems or components used for ancillary services will turn those systems or components in scope of the CSCF controls.

CONTROL STATEMENT
Accounts are defined according to the security principles of need-to-know access, least privilege, and separation of duties.

CONTROL CONTEXT
Applying the security principles of (1) need-to-know, (2) least privilege, and (3) separation of duties is essential to restricting access to the user's Swift infrastructure. Effective management of operator accounts reduces the opportunities for a malicious person to use accounts as part of an attack.

RISK DRIVERS
• Excess privilege or access
• Separation of duty violations
• Unauthorized access
• HSM management misused

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user enforced the security principles of need-to-know access, least privilege, and separation of duties for operator accounts?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
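Control 5.1 names separation of duties and least privilege, and the risk drivers include "Excess privilege or access" and "Separation of duty violations". The following is an added example, not part of the CSCF template or of any Swift product, of the kind of review an assessor can run over an exported account/role list to surface both findings mechanically. The role names, the conflict matrix, the approved-role catalogue and the five accounts are constructed assumptions; a real review would load them from the user's identity system export.

```python
# Added example (not part of the CSCF template or of any Swift product):
# a review script over an exported account/role list that reports
# separation-of-duties conflicts and entitlements outside the approved
# catalogue, the two findings control 5.1 is concerned with. Role names,
# the conflict matrix and the export below are constructed assumptions.
from typing import Dict, List, Set, Tuple

# Role pairs that one person must never hold together (assumed matrix).
SOD_CONFLICTS: Set[Tuple[str, str]] = {
    ("payment_creator", "payment_approver"),
    ("security_officer", "payment_approver"),
    ("os_admin", "payment_creator"),
}

# Need-to-know: the roles each job function is approved for (assumed catalogue).
APPROVED_ROLES: Dict[str, Set[str]] = {
    "operator": {"payment_creator", "payment_approver"},
    "security": {"security_officer"},
    "sysadmin": {"os_admin"},
}

# Constructed export: account -> (job function, assigned roles).
ACCOUNTS: Dict[str, Tuple[str, Set[str]]] = {
    "alice": ("operator", {"payment_creator"}),
    "bob":   ("operator", {"payment_approver"}),
    "carol": ("operator", {"payment_creator", "payment_approver"}),
    "dave":  ("sysadmin", {"os_admin", "payment_creator"}),
    "erin":  ("security", {"security_officer"}),
}


def sod_violations(accounts: Dict[str, Tuple[str, Set[str]]]) -> List[Tuple[str, str, str]]:
    """Accounts holding both roles of a conflicting pair (one person could
    both create and approve a transaction, for instance)."""
    findings = []
    for name, (_, roles) in sorted(accounts.items()):
        for first, second in sorted(SOD_CONFLICTS):
            if first in roles and second in roles:
                findings.append((name, first, second))
    return findings


def excess_entitlements(accounts: Dict[str, Tuple[str, Set[str]]]) -> List[Tuple[str, str]]:
    """Roles assigned beyond what the account's job function is approved
    for: a least-privilege / need-to-know finding."""
    findings = []
    for name, (job, roles) in sorted(accounts.items()):
        for role in sorted(roles - APPROVED_ROLES.get(job, set())):
            findings.append((name, role))
    return findings


def review_report(accounts: Dict[str, Tuple[str, Set[str]]] = ACCOUNTS) -> Dict[str, list]:
    """Bundle both checks the way an assessor would record them."""
    return {
        "separation_of_duties": sod_violations(accounts),
        "excess_entitlements": excess_entitlements(accounts),
    }
```

Note that `dave` appears in both lists: the operating-system administrator who also holds a transaction role is simultaneously an excess entitlement (not approved for the sysadmin function) and a separation-of-duties conflict, which is why the CSCF lists both as distinct risk drivers.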
5.2
TOKEN MANAGEMENT
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure the proper management, tracking, and use of connected and disconnected hardware authentication or personal and software tokens (when tokens are used).

IN-SCOPE COMPONENTS
• Connected and disconnected hardware authentication or personal tokens used for Swift operations or secure zone access
• Software tokens used as second authentication factor (when explicitly identified for their assignment and management in support of control 4.2)
• PIN Entry Device (PED) used for HSM operations

CONTROL STATEMENT
Connected and disconnected hardware authentication or personal tokens are managed appropriately during assignment, distribution, revocation, use, and storage.

CONTROL CONTEXT
The protection of connected and disconnected hardware authentication, personal tokens or software tokens is essential to safeguarding the related operator or system account and reinforces good security practice, providing an additional layer of protection from attackers.

RISK DRIVERS
• Authentication token theft
• Lack of traceability
• HSM management misused

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user ensured the proper management, tracking, and use of connected and disconnected hardware authentication tokens (when tokens are used)?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
5.4
PASSWORD REPOSITORY PROTECTION
CONTROL INFORMATION
CONTROL OBJECTIVE
Protect physically and logically the repository of recorded passwords.

IN-SCOPE COMPONENTS
Repository recording accounts and passwords defined on the following components:
• Dedicated and general-purpose operator PC
• jump server
• Swift-related components (including interfaces, GUI, Swift and customer connectors)
• systems or virtual machines hosting Swift-related components
• HSM and related tokens
• network devices components protecting the secure zone
• on-premises or remote (hosted and/or operated by a third party) virtualisation or cloud platform hosting Swift-related VMs
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for data exchange between back-office and Swift-related components]
• SwiftNet Online Operations Manager (O2M) and Swift.com

CONTROL STATEMENT
Recorded passwords are stored in a protected physical or logical location, with access restricted on a need-to-know basis.

CONTROL CONTEXT
The secure storage of recorded passwords (repository) ensures that passwords are not easily accessible to others, thereby protecting against simple password theft. Common unsecure methods include (unexhaustive list): recording passwords in a spreadsheet or a text document saved in clear on a desktop or in a shared directory or a server, saved in a mobile phone, written/printed on a post-it or a leaflet.
This control covers the storage of emergency, privileged or any other account passwords. All accounts have to be considered because (i) combination of compromised not privileged accounts can be damageable, such as transaction creator account and approver account (ii) even monitoring accounts provide valuable inform[...]

RISK DRIVERS
• Password theft

ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Guideline: Has the user adequately protected physically and logically recorded passwords?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>
PASSWORD REPOSITORY PROTECTION
NTROL INFORMATION
ONTROL OBJECTIVE
ogically the repository of recorded passwords.

RISK DRIVERS
• Password theft

ONTROL STATEMENT
ysical or logical location, with access restricted on a need-to-know basis.

ONTROL CONTEXT
ssible to others, thereby protecting against simple password theft. Common unsecure methods include (unexhaustive list):
ktop or in a shared directory or a server, saved in a mobile phone, written/printed on a post-it or a leaflet.
unts have to be considered because (i) combination of compromised not privileged accounts can be damageable, such as
monitoring accounts provide valuable information during the reconnaissance time.

emergency, privileged or any other account passwords.

SESSMENT RESULTS
entation Guideline-Level Detail

the CSP control; i.e. assess the security goal, regardless of the implementation method used (be it the
d guidelines or alternatives).
t: (i)Meets the stated control objective, (ii) Addresses the risks and (iii) Covers the documented in-scope
elevant for the user’s architecture.
mentation guidelines are common methods for implementing the control. Even if guidelines can be a good
nsidered as an "audit checklist" as each user’s implementation may vary. Therefore, in the case that some
as well as particular environment specificities have to be taken into account to properly assess the overall
as per the suggested guidelines or as per alternatives).
tails as documented in the CSCF>

Summary

Recommendations
ORY PROTECTION

include (unexhaustive list):


r a leaflet.
n be damageable, such as

method used (be it the

he documented in-scope

guidelines can be a good


ore, in the case that some
operly assess the overall
TBD
6.1
MALWARE PROTECTION

CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure that the user's Swift infrastructure is protected against malware and act upon results.

RISK DRIVERS
• Execution of malicious code
• Exploitation of known security vulnerabilities

IN-SCOPE COMPONENTS
Anti-malware software is implemented on Windows operating systems of the below components:
• Dedicated and general-purpose operator PC
• jump server
• Management PCs of an on-premises or remote (hosted and/or operated by a third party) virtualisation or cloud platform
• systems hosting a Swift-related component (including interface, GUI, Swift or customer connector)
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for data exchange between back-office and Swift-related components]

CONTROL STATEMENT
Anti-malware software from a reputable vendor is installed, kept up-to-date on all systems, and results are considered for appropriate resolving actions.

CONTROL CONTEXT
Malware is a general term that includes many types of intrusive and unwanted software, including viruses. Anti-malware technology (a broader term for anti-virus) is effective in protecting against malicious code that has a known digital or behaviour profile.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user ensured that local Swift infrastructure is protected against malware?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
6.2 (Advisory for A4)
SOFTWARE INTEGRITY

CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure the software integrity of the Swift-related components and act upon results.

RISK DRIVERS
• Unauthorized system changes
• HSM management misused

IN-SCOPE COMPONENTS
• Swift connector
• GUI to the messaging and communication interface
• messaging interface
• communication interface
• RMA
• SNL
• New HSM (only for the checking of the firmware update)
• [Advisory: Customer connector]

CONTROL STATEMENT
A software integrity check is performed at regular intervals on messaging interface, communication interface, and other Swift-related components and results are considered for appropriate resolving actions. Origin and integrity of the software is ensured at download and at deployment time.

CONTROL CONTEXT
Software integrity checks provide a detective control against unexpected modification to operational software.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user ensured the software integrity of the Swift-related components?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
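The integrity check this control asks for, as an added example that is not part of the SWIFT template or of any Swift product: a baseline of SHA-256 digests is taken over an install tree at deployment time (after the package has been checked against a vendor-published digest), and a later run compares the live tree with the baseline and reports modified, missing and added files so that findings can be acted upon. The directory layout, file names and digest values are constructed for the demo; the baseline would in practice be stored, or signed, off the host being checked.

```python
"""
Added example (not the SWIFT template's or a Swift product's code): a minimal
software integrity check in the spirit of CSCF control 6.2.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB chunks so large binaries are not read into memory at once


def sha256_file(path: Path) -> str:
    """Hex SHA-256 digest of a file's contents."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its digest."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def verify_tree(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline; any non-empty list is a finding."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "missing": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }


def verify_download(path: Path, expected_sha256: str) -> bool:
    """Download-time check against a digest published by the vendor over a trusted
    channel. hmac.compare_digest gives a constant-time comparison of the hex strings."""
    return hmac.compare_digest(sha256_file(path), expected_sha256.lower())


def demo() -> dict:
    """Deploy a constructed tree, baseline it, change it unexpectedly, and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "interface.exe").write_bytes(b"original binary")   # constructed sample
        (root / "conf").mkdir()
        (root / "conf" / "settings.xml").write_text("<cfg/>")             # constructed sample
        stored = json.dumps(build_baseline(root), indent=1)                # baseline at deployment
        # Simulated unexpected modifications after deployment.
        (root / "bin" / "interface.exe").write_bytes(b"patched binary")
        (root / "conf" / "settings.xml").unlink()
        (root / "bin" / "unexpected.dll").write_bytes(b"not in the baseline")
        report = verify_tree(root, json.loads(stored))
        # Download-time check: the expected digest here is computed for the demo;
        # in practice it comes from the vendor's release notes or download portal.
        report["download_ok"] = verify_download(
            root / "bin" / "interface.exe", hashlib.sha256(b"patched binary").hexdigest()
        )
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The scheduled run of verify_tree is the "regular intervals" part of the control statement; verify_download covers origin and integrity at download. A non-empty modified, missing or added list is the result that has to be reviewed and resolved, not silently overwritten with a new baseline.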
6.4
LOGGING AND MONITORING

CONTROL INFORMATION

CONTROL OBJECTIVE
Record security events, detect and respond to anomalous actions and operations within the user's Swift environment.

RISK DRIVERS
• Lack of traceability
• Undetected anomalies or suspicious activity

IN-SCOPE COMPONENTS
• Data exchange layer: network
• Operating system of a dedicated and general-purpose operator PC
• jump server
• Swift-related components (including interfaces, GUI, Swift and customer connectors)
• systems or virtual machines hosting Swift-related components
• network devices protecting the secure zone and HSM
• database linked to a messaging interface or a customer connector
• authentication or authorisation servers, or both, controlling accesses to the secure zone
• on-premises or remote (hosted and/or operated by a third party) virtualisation or cloud platform hosting Swift-related VM’s
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for and guardian of the secure data exchange between back-office and Swift-related components]

CONTROL STATEMENT
Capabilities to detect anomalous activity are implemented, and a process or tool is in place to frequently store and review logs.

CONTROL CONTEXT
Developing a logging and monitoring plan is the basis of effectively detecting abnormal behaviour and potential attacks. As the operational environment becomes more complex, so will the logging and monitoring capability needed to perform adequate detection. Simplifying the operational environment will enable more straightforward logging and monitoring.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user recorded security events and detected anomalous actions and operations within the local Swift environment?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
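An added example of the "capabilities to detect anomalous activity" this control calls for; it is not part of the SWIFT template or of any Swift product. It runs three simple detections over constructed authentication log lines of the kind a jump server or operator PC would produce: a burst of failed logins from one source, a successful login from a source that has just produced such a burst, and a successful login outside business hours. The log format, host and account names, the thresholds and the business-hours window are all assumptions for the demo.

```python
"""
Added example (not the SWIFT template's or a Swift product's code): detection
logic over constructed authentication log lines, in the spirit of CSCF control 6.4.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Optional

# Assumed log format: "<ISO timestamp> <host> LOGIN_OK|LOGIN_FAIL user=<account> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<outcome>LOGIN_OK|LOGIN_FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: one normal login, five failures and a success from the
# same source, an off-hours login, and one unparseable line.
SAMPLE_LOG = """\
2024-03-04T09:15:02 jump01 LOGIN_OK user=op.alice src=10.1.1.20
2024-03-04T09:16:10 jump01 LOGIN_FAIL user=op.bob src=10.1.1.77
2024-03-04T09:16:12 jump01 LOGIN_FAIL user=op.bob src=10.1.1.77
2024-03-04T09:16:14 jump01 LOGIN_FAIL user=op.bob src=10.1.1.77
2024-03-04T09:16:16 jump01 LOGIN_FAIL user=op.bob src=10.1.1.77
2024-03-04T09:16:18 jump01 LOGIN_FAIL user=op.bob src=10.1.1.77
2024-03-04T09:16:40 jump01 LOGIN_OK user=op.bob src=10.1.1.77
2024-03-04T23:42:09 jump01 LOGIN_OK user=admin.carol src=10.1.1.30
this line is not in the expected format
"""


def parse(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, fail_threshold=5, window=timedelta(minutes=5), business_hours=(8, 18)):
    """Return a list of alert dicts for the anomalies described in the lead-in."""
    alerts = []
    recent_fail = defaultdict(deque)  # src -> timestamps of failures inside the window
    burst_alerted = set()             # sources already reported, to avoid repeats
    for line in lines:
        ev = parse(line)
        if ev is None:
            # A line the parser cannot read is itself worth reviewing, never dropped silently.
            alerts.append({"type": "unparsed_line", "line": line.strip()})
            continue
        q = recent_fail[ev["src"]]
        if ev["outcome"] == "LOGIN_FAIL":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= fail_threshold and ev["src"] not in burst_alerted:
                burst_alerted.add(ev["src"])
                alerts.append({"type": "failed_login_burst", "src": ev["src"],
                               "host": ev["host"], "count": len(q)})
        else:  # LOGIN_OK
            if len(q) >= fail_threshold:
                alerts.append({"type": "success_after_burst", "src": ev["src"],
                               "user": ev["user"], "host": ev["host"]})
            q.clear()
            start, end = business_hours
            if not start <= ev["ts"].hour < end:
                alerts.append({"type": "off_hours_login", "user": ev["user"],
                               "host": ev["host"], "at": ev["ts"].isoformat()})
    return alerts


def demo() -> list:
    """Run the detections over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Each alert is the input to the review process the control statement requires; the thresholds and hours are deliberately parameters, because what is anomalous for a jump server differs from what is anomalous for an operator PC.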
7.1
CYBER INCIDENT RESPONSE PLANNING

CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure a consistent and effective approach for the management of cyber incidents.

RISK DRIVERS
• Excess harm from deficient cyber readiness

IN-SCOPE COMPONENTS
• Organisational control

CONTROL STATEMENT
The user has a defined and tested cyber incident response plan.

CONTROL CONTEXT
Availability and adequate resilience are of key importance to the business. In this respect, defining and testing a cyber incident response plan is a highly effective way of reducing the impact and duration of a real cyber incident. As lessons are learnt either by testing this plan, or through real incidents, it is essential to apply these learnings and improve the plan. Additionally, planning for the sharing of threat and incident information is critical to assisting the broader financial community in implementing effective protections against cyber attacks.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user ensured a consistent and effective approach for the management of cyber incidents?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
7.2
SECURITY TRAINING AND AWARENESS

CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure all staff are aware of and fulfil their security responsibilities by performing regular awareness activities, and maintain security knowledge of staff with privileged access.

RISK DRIVERS
• Increased security risk from improperly trained staff

IN-SCOPE COMPONENTS
• All staff (such as employees, agents, consultants and contractors) with access to Swift-related systems (as user or for maintenance or administration)
• All staff (such as employees, agents, consultants and contractors) with privileged access to Swift-related systems (for maintenance or administration)

CONTROL STATEMENT
Annual security awareness sessions are conducted for all staff members with access to Swift-related systems. All staff with privileged access maintain knowledge through specific training or learning activities when relevant or appropriate (at management’s discretion).

CONTROL CONTEXT
A security training and awareness programme encourages conscious and appropriate security behaviour of employees and administrators, and generally reinforces good security practice. In addition, it is particularly important that privileged access users have and maintain appropriate knowledge and expertise.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user ensured all staff are aware of and fulfil their security responsibilities by performing awareness activities, and maintaining security knowledge of staff with privileged access?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
