The SWIFT CSCF (Customer Security Controls Framework)

Security controls for financial organizations

What is the SWIFT CSP?

SWIFT (the Society for Worldwide Interbank Financial Telecommunication) provides the global messaging system that financial organizations use to transmit information and instructions securely.

Its CSP (Customer Security Programme) helps financial organizations ensure their cybersecurity defenses are adequate and up to date.

What is the SWIFT CSCF?

As part of the CSP, SWIFT established the CSCF (Customer Security Controls Framework) to help organizations in the financial services industry implement a baseline of security.

Last updated in July 2021, the SWIFT CSCF comprises a set of 21 mandatory and 10 advisory security controls for the operating environment of SWIFT users.

CSCF objectives, principles, and controls

The 31 CSCF v2022 controls are grouped according to 3 objectives, which are broken down further into 8 principles:

    1. Secure your Environment

      1. Restrict Internet access
      2. Segregate critical systems from general IT environment
      3. Reduce attack surface and vulnerabilities
      4. Physically secure the environment
    2. Know and Limit Access

      1. Prevent compromise of credentials
      2. Manage identities and segregate privileges
    3. Detect and Respond

      1. Detect anomalous activity to system or transaction records
      2. Plan for incident response and information sharing

Control definitions are aligned with information security best practice. SWIFT users can find these on mySWIFT, along with complementary security guidance documents.

CSCF self-attestation and assessment

Users can compare the security controls they have implemented with those listed in the CSCF to identify and remediate any compliance gaps.

They must then submit an annual self-attestation of their compliance with the mandatory elements of the CSCF, between July and December.

Self-attestations must be independently assessed via an internal and/or external assessment.

How IT Governance USA can help your SWIFT CSCF compliance

We have more than 15 years of experience helping organizations meet their IT governance, risk management, and compliance objectives.

IT Governance USA is recognized under the following frameworks:

  • CREST certified as ethical security testers
  • Certified to ISO 27001:2013, the world’s most recognized information security standard

We can provide all the cybersecurity and information security services and resources you need to ensure your organization follows industry-recognized best practice and can demonstrate its compliance with the CSCF.

Speak to a CSCF expert

As well as advising on cybersecurity and information security best practice, we can:

  • Conduct a gap analysis to determine the extent of your conformity with the CSCF’s mandatory controls and identify the areas that need addressing
  • Carry out remediation work to ensure your level of security meets the CSCF’s requirements
  • Provide an independent, expert assessment of your security posture to support your self-attestation of compliance

Call us now on +1 877 317 3454 or request a call back using the form below.

Contact us
