SWIFT CSP Compliance
The SWIFT Customer Security Controls Framework describes a set of mandatory and advisory security controls for SWIFT customers.
SWIFT defines two types of controls:
- Advisory controls
- Mandatory controls
The mandatory security controls establish a security baseline for the entire community, and must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gain and risk reduction.
Objectives of SWIFT CSP Assessments
- Secure your environment
- Know and limit access
- Detect and respond
Principles of SWIFT CSP Assessments
- Restrict internet access
- Protect critical systems from the general IT environment
- Reduce attack surfaces and vulnerabilities
- Physically secure the environment
- Prevent compromise of credentials
- Manage identities and segregate privileges
- Detect anomalous system activity or transaction records
- Plan for incident response and information sharing
SWIFT CSP Assessment Methodology
Our methodology is based on experience from successful project implementations and maintenance of Information Security Management Systems (ISMS) and. Our approach starts with gaining a comprehensive understanding of the customer environment and its current SWIFT CSP compliance position, continues with a remediation plan to address any gaps, and concludes by bringing in our experts to implement the remediation activities.
SWIFT requires users to follow two steps:
- Self-assessment against the SWIFT Customer Security Controls Framework (CSCF)
- Self-attestation following the SWIFT Customer Security Controls Policy