For SWIFT users, the Customer Security Controls Framework (CSCF) consists of both required and recommended security controls. A community-wide security baseline is created by the obligatory security controls. All users must apply them to their personal SWIFT infrastructure.
cyber security it health check image

For the purpose of establishing a reasonable objective for short-term, concrete security improvements and risk reduction, SWIFT has decided to prioritize certain necessary controls. The advisory controls are founded on best practices, which SWIFT urges all users to adopt. Controls may alter over time as a result of the changing threat environment, the introduction of fresh technology, the development of security-related laws in important jurisdictions, advancements in cybersecurity procedures, or user input. As a result, additional controls may be added or some advised controls may become necessary.

By adhering to the SWIFT CSCF, our SWIFT certified experts will help SWIFT customers to understand the steps to reduce the potential fraud, attack and other security incidents and implement measures to prevent clients from cybercrime and data theft or loss.

In response to the shifting threat landscape and continuously evolving cyberthreats, SWIFT has determined that certain security improvements are necessary. Hence, we, being SWIFT CSSP and CSP Assessor, recommend to adopt best practices in order to help banking industry work towards reducing risk and increasing overall security.

The 31 CSCF v2022 controls are organized into groups based on three objectives, which are further divided into eight principles.

  1. Secure your Environment
    • Restrict Internet access
    • Segregate critical systems from general IT environment
    • Reduce attack surface and vulnerabilities
    • Physically secure the environment
  2. Know and Limit Access
    • Prevent compromise of credentials
    • Manage identities and segregate privileges
  3. Detect and Respond
    • Prepare for incident response and information sharing by planning for unusual activity in the system or transaction records.

Our team can assist our clients in their SWIFT CSCF Compliance. Some of the key reasons includes:

  • We are listed in SWIFT’s directory of Cyber Security Service Providers by SWIFT;
  • We have a thorough understanding of a variety of technological environments; and
  • We are carrying out ongoing research on SWIFT system for the purpose of securing SWIFT environment.(Reference: CVE-2022-32389)