SWIFT Customer Security Controls Framework (CSCF)
Details
This download includes the SWIFT Customer Security Controls Framework (CSCF) only, so there are no mapped questions. Use this download if you just want the provisions and you want to create your own question set.
The SWIFT Customer Security Controls Framework (CSCF) is composed of mandatory and advisory security controls for SWIFT users.
The mandatory security controls establish a security baseline for the entire community. They must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gains and risk reduction.
The advisory controls are based on recommended practice that SWIFT advises all users to implement. Over time, controls may change due to the evolving threat landscape, the introduction of new technologies, the evolution of security-related regulations in major jurisdictions, developments in cybersecurity practices, or user feedback. As such, some advisory controls may become mandatory, or new controls may be added.
The Customer Security Controls Framework (CSCF) is articulated around 3 objectives, 8 principles and 31 controls:
- SWIFT Environment Protection
- Operating System Privileged Account Control
- Virtualisation Platform Protection
- Restrict Internet Access
- Internal Data Flow Security
- Security Updates
- System Hardening
- Back Office Data Flow Security
- External Transmission Data Protection
- Operator Session Confidentiality and Integrity
- Vulnerability Scanning
- Critical Activity Outsourcing
- Transaction Business Controls
- Application Hardening
- RMA Business Controls
- Physical Security
- Password Policy
- Multi-factor Authentication
- Logical Access Control
- Token Management
- Personnel Vetting Process
- Physical and Logical Password Storage
- Malware Protection
- Software Integrity
- Database Integrity
- Logging and Monitoring
- Intrusion Detection
- Cyber Incident Response Planning
- Security Training and Awareness
- Penetration Testing
- Scenario Risk Assessment
Getting Started
Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.
More Information
Jurisdiction | All |
---|---|
Type | Control |