The SWIFT CSCF (Customer Security Controls Framework)

For SWIFT users, the Customer Security Controls Framework (CSCF) consists of both mandatory and advisory security controls. The mandatory security controls establish a security baseline for the entire community, and all users must implement them on their local SWIFT infrastructure. SWIFT has chosen to prioritize certain controls as mandatory in order to set a realistic goal for short-term, concrete security improvements and risk reduction. The advisory controls are based on best practices, which SWIFT urges all users to adopt.

Controls may change over time in response to the evolving threat environment, the introduction of new technology, the development of security-related regulations in major jurisdictions, advancements in cybersecurity practices, or user feedback. As a result, new controls may be added, and some advisory controls may become mandatory.

The 31 CSCF v2022 controls are organized into groups based on three objectives, which are further divided into eight principles.

  1. Secure your Environment
    • Restrict Internet access
    • Segregate critical systems from general IT environment
    • Reduce attack surface and vulnerabilities
    • Physically secure the environment
  2. Know and Limit Access
    • Prevent compromise of credentials
    • Manage identities and segregate privileges
  3. Detect and Respond
    • Detect anomalous activity to system or transaction records
    • Plan for incident response and information sharing

Our team can assist our clients with their SWIFT CSCF compliance. Some of the key reasons include:

  • We are listed in SWIFT’s directory of Cyber Security Service Providers;
  • We have a thorough understanding of a variety of technological environments; and
  • We are carrying out ongoing research on the SWIFT system for the purpose of securing the SWIFT environment. (Reference: CVE-2022-32389)