What is the SWIFT CSP?
SWIFT (the Society for Worldwide Interbank Financial Telecommunication) provides the global messaging system that financial organisations use to transmit information and instructions securely.
Its CSP (Customer Security Programme) helps financial organisations ensure their cyber security defences are adequate and up to date.
What is the SWIFT CSCF?
As part of the CSP, SWIFT established the CSCF (Customer Security Controls Framework) to help organisations in the financial services industry implement a baseline of security.
Last updated in July 2021, the SWIFT CSCF comprises a set of 21 mandatory and 10 advisory security controls for the operating environment of SWIFT users.
CSCF objectives, principles and controls
The 31 CSCF v2022 controls are grouped according to 3 objectives, which are broken down further into 8 principles:
Secure your Environment
- Restrict Internet access
- Segregate critical systems from general IT environment
- Reduce attack surface and vulnerabilities
- Physically secure the environment
Know and Limit Access
- Prevent compromise of credentials
- Manage identities and segregate privileges
Detect and Respond
- Detect anomalous activity to system or transaction records
- Plan for incident response and information sharing
Control definitions are aligned with information security best practice. SWIFT users can find these on mySWIFT, along with complementary security guidance documents.
CSCF self-attestation and assessment
Users can compare the security controls they have implemented with those listed in the CSCF to identify and remediate any compliance gaps.
They must then submit an annual self-attestation of their compliance with the mandatory elements of the CSCF, between July and December.
Self-attestations must be independently assessed via an internal and/or external assessment.
How IT Governance can help your SWIFT CSCF compliance
We have more than 15 years of experience helping organisations meet their IT governance, risk management and compliance objectives.
IT Governance is recognised under the following frameworks:
- CREST certified as ethical security testers.
- Certified under Cyber Essentials Plus, the UK government-backed cyber security certification scheme.
- Certified to ISO 27001:2013, the world’s most recognised information security standard.
We can provide all the cyber security and information security services and resources you need to ensure your organisation follows industry-recognised best practice and can demonstrate its compliance with the CSCF.
Speak to a CSCF expert
As well as advising on cyber security and information security best practice, we can:
- Conduct a gap analysis to determine the extent of your conformity with the CSCF’s mandatory controls and identify the areas that need addressing;
- Carry out remediation work to ensure your level of security meets the CSCF’s requirements; and
- Provide an independent, expert assessment of your security posture to support your self-attestation of compliance.
Call us now on +353 (0)1 695 0411 or request a call back using the form below.