To maintain the integrity of the larger financial network, SWIFT's Customer Security Program (CSP) helps financial institutions make sure their defenses against cyberattacks are current and effective. Before annually attesting their level of compliance, users compare the security measures they have put in place against those described in the Customer Security Controls Framework (CSCF).
Background
SWIFT announced the Customer Security Program (CSP) in May 2016 to help its clients strengthen their security. The CSP establishes norms and controls to promote information exchange within the community, improves SWIFT-related products for customers, and offers control frameworks. All SWIFT customers are required to implement 16 mandatory security controls on their SWIFT-related infrastructure as part of the CSP, which was released by SWIFT in April 2017.
CSCF objectives, principles and controls
The 31 CSCF v2022 controls are grouped according to 3 objectives, which are broken down further into 8 principles:
Secure your Environment
- Restrict Internet access
- Segregate critical systems from general IT environment
- Reduce attack surface and vulnerabilities
- Physically secure the environment
Know and Limit Access
- Prevent compromise of credentials
- Manage identities and segregate privileges
Detect and Respond
- Detect anomalous activity to system or transaction records
- Plan for incident response and information sharing