The SWIFT CSCF (Customer Security Controls Framework)

Security controls for financial organisations

What is the SWIFT CSP?

SWIFT (the Society for Worldwide Interbank Financial Telecommunication) provides the global messaging system that financial organisations use to transmit information and instructions securely.

Its CSP (Customer Security Programme) helps financial organisations ensure their cyber security defences are adequate and up to date.

What is the SWIFT CSCF?

As part of the CSP, SWIFT established the CSCF (Customer Security Controls Framework) to help organisations in the financial services industry implement a baseline of security.

Last updated in July 2021, the SWIFT CSCF comprises a set of 21 mandatory and 10 advisory security controls for the operating environment of SWIFT users.

CSCF objectives, principles and controls

The 31 CSCF v2022 controls are grouped according to 3 objectives, which are broken down further into 8 principles:

  1. Secure your Environment

    1. Restrict Internet access
    2. Segregate critical systems from general IT environment
    3. Reduce attack surface and vulnerabilities
    4. Physically secure the environment
  2. Know and Limit Access

    1. Prevent compromise of credentials
    2. Manage identities and segregate privileges
  3. Detect and Respond

    1. Detect anomalous activity to system or transaction records
    2. Plan for incident response and information sharing

Control definitions are aligned with information security best practice. SWIFT users can find these on mySWIFT, along with complementary security guidance documents.

CSCF self-attestation and assessment

Users can compare the security controls they have implemented with those listed in the CSCF to identify and remediate any compliance gaps.

They must then submit an annual self-attestation of their compliance with the mandatory elements of the CSCF, between July and December.

Self-attestations must be independently assessed via an internal and/or external assessment.

How IT Governance can help your SWIFT CSCF compliance

We have more than 15 years of experience helping organisations meet their IT governance, risk management and compliance objectives.

IT Governance is recognised under the following frameworks:

  • CREST certified as ethical security testers.
  • Certified under Cyber Essentials Plus, the UK government-backed cyber security certification scheme.
  • Certified to ISO 27001:2013, the world’s most recognised information security standard.

We can provide all the cyber security and information security services and resources you need to ensure your organisation follows industry-recognised best practice and can demonstrate its compliance with the CSCF.

Speak to a CSCF expert

As well as advising on cyber security and information security best practice, we can:

  • Conduct a gap analysis to determine the extent of your conformity with the CSCF’s mandatory controls and identify the areas that need addressing;
  • Carry out remediation work to ensure your level of security meets the CSCF’s requirements; and
  • Provide an independent, expert assessment of your security posture to support your self-attestation of compliance.

Call us now on 00 800 48 484 484 or request a call back using the form below.

top