
637866537.xlsx - Read me first Tab Template Version: 2019

CSCF ASSESSMENT TEMPLATE INSTRUCTIONS SHEET - VERSION 2022


PURPOSE
This template is provided for convenience; SWIFT recommends that independent assessors use it to document the assessment results when assisting with a Customer Security Control Framework (CSCF) assessment of the disposition of all controls that apply to the user in question. This workbook is used to document only the CSCF advisory controls; a separate file is available for assessing CSCF mandatory controls should the user request that this be undertaken.

INSTRUCTIONS
1 NOTE: User data contained within this assessment workbook is considered sensitive and must not be disclosed to any party except the user without express, written consent.
Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives). As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture.
The control statement is a suggested means to fulfil the control objective and the implementation guidelines are common methods for implementing the control. Even though guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as the specificities of the particular environment have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).
SWIFT highly recommends that users include the CSCF advisory controls in the independent assessment; some of the advisory controls may be made mandatory in the next version of the CSCF.
2 Begin the assessment process by thoroughly reviewing the Customer Security Controls Framework (CSCF), the assessment template, and all other SWIFT-provided assessment guidance.
3 Reference the “User Data” tab and populate all applicable cells with the information requested. Note that all individual assessors involved in executing the end-to-end assessment process should be included in the “Assessor Name(s)” field. Additionally, names provided in the “Assessor Name(s)” field should be accompanied by the applicable professional certification(s) held by each individual assessor.
4 Depending upon the architecture type of the community member in question, complete the following coloured tabs that represent the control data contained within the CSCF.
• Architecture A1, A2, A4: BLUE + GREEN + YELLOW tabs
• Architecture A3: BLUE + GREEN tabs
• Architecture B: BLUE tabs only
5 For each applicable tab defined above, review the control objective, in-scope components, risk drivers, control statement, and control context. Assessors should reference the full text of the CSCF document for a full listing of all control- and guidance-level details. This guidance is for the internal or external audit profession to assess the existing/implemented controls and their suitability/effectiveness.
6 The assessment templates directly correlate to the CSCF and highlight which CSCF controls are applicable to the user’s architecture type. For each applicable control, the relevant template sets out the control objective, any underpinning key principle(s) and SWIFT’s guidance with respect to their implementation. By use of the template, the assessor can then confirm whether those that are applicable to the user are complied with, either via SWIFT’s implementation guidance or, for typically large or complex institutions, via an alternative implementation method.
7 Finally, some CSCF controls, although relevant for the user’s SWIFT architecture type, may in rare cases not be applicable depending upon the user’s specific local infrastructure. In such cases, they should be assessed as 'Not Applicable'. Please refer to the KYC-SA baseline for the identification of such controls.
8 For each Implementation guidance in the "Assessments Results" section, indicate whether or not the user has fulfilled the guidance statement using the appropriate drop-down list(s) available at the right side of the worksheet. Note that the only available responses are “yes”, “no”, and “N/A” (in a limited number of cases). Responses marked “N/A” are not detrimental to the overall disposition of any control.
9 Support the above-mentioned finding by populating the corresponding cell(s) marked "<Observations & response justification - address all subordinate implementation details as documented in the CSCF>" for each guidance. As noted, assessors should address all subordinate details documented for each Implementation guidance as provided in the CSCF.
10 For each guidance in the "Assessments Results" section, indicate whether or not the user has used an alternative implementation means to fulfil the control requirement(s) of said guidance, using the appropriate drop-down list(s) available at the right side of the worksheet. Note that the use of alternative implementation means is not detrimental to the overall disposition of any control.
11 For any and all guidance where alternative implementation means were used to fulfil the control requirement(s), provide a full explanation of the alternative means utilised in the corresponding cells marked "<Alternative guidance implementation approach and details>". Note that the worksheet will grey out these cells for any guidance that has been addressed using the standard implementation method. Responses provided should be comprehensive and detail how all applicable risks are addressed by the user's custom implementation.
12 When the above steps have been completed, the worksheet will automatically mark the control as either "In Place" or "Not in Place" depending on the input provided by the assessor in the "Assessments Results" section. Do not attempt to manually alter any fields that are automatically populated (non-modifiable cells are password protected).

The information herein is confidential and will not be disclosed to third parties without written permission. Template Copyright © S.W.I.F.T. SCRL, 2019
Date | Change
31-Jan-20 | Removed Completion letter tab to make it a standalone Word document
31-Jan-20 | Inserted a clause on each control, before the Implementation guidelines, to stress the risk-based approach to be used by assessors
31-Jan-20 | Inserted a revision record sheet
17-Jul-20 | Alignment with CSCF v2021
30/Nov/20 | Inserted A4, changed the text for the completion letter, reviewed colour coding
12/Oct/21 | Updated for v2022
637866537.xlsx - User Data Tab Template Version: 2019

USER BACKGROUND DATA SHEET


Customer Name <customer>
BIC <BIC>
Architecture Type <type>
Assessment Start Date <start date>
Assessment End Date <end date>
CSCF Version 2022
Assessor Firm <firm>

637866537.xlsx - Summary Tab Template Version: 2019

ADVISORY CONTROLS SUMMARY

Control | Objective Title | Architecture Applicability (A1 A2 A3 A4 B) | Implementation Means | Control Disposition
1.2 (Advisory for B) | Operating System Privileged Account Control | X X X X A | TBD | TBD
1.5A | Customer Environment Protection | X X X X | TBD | TBD
2.4A | Back-Office Data Flow Security | X X X X X | TBD | TBD
2.5A | External Transmission Data Protection | X X X X | TBD | TBD
2.7 (Advisory for B) | Vulnerability Scanning | X X X X A | TBD | TBD
2.8A | Critical Activity Outsourcing | X X X X X | TBD | TBD
2.11A | RMA Business Controls | X X X X X | TBD | TBD
5.3A | Personnel Vetting Process | X X X X X | TBD | TBD
6.2 (Advisory for A4) | Software Integrity | X X X A | TBD | TBD
6.3 (Advisory for A4) | Database Integrity | X X A | TBD | TBD
6.5A | Intrusion Detection | X X X X | TBD | TBD
7.3A | Penetration Testing | X X X X X | TBD | TBD
7.4A | Scenario Risk Assessment | X X X X X | TBD | TBD

(X = control applies to that architecture type; A = control is advisory for the architecture type named in the control label. Implementation Means and Control Disposition are populated automatically once the control tabs are completed.)

1.2 (Advisory for B) OPERATING SYSTEM PRIVILEGED ACCOUNT CONTROL

CONTROL INFORMATION

CONTROL OBJECTIVE
Restrict and control the allocation and usage of administrator-level operating system accounts.

IN-SCOPE COMPONENTS
Administrator-level accounts defined on the following components:
• Systems or virtual machines (VMs) hosting a SWIFT-related component (including interface, GUI, SWIFT or customer connector)
• Dedicated operator PCs
• Network devices protecting the secure zone
• Local or remote (hosted and/or operated by a third party) virtualisation platform (also referred to as the hypervisor) hosting SWIFT-related VMs
• [Advisory A1/A2/A3: Middleware server (such as IBM® MQ server or similar) other than customer connector used for data exchange between back-office and SWIFT-related components]
• [Advisory: General-purpose operator PC]

RISK DRIVERS
• Deletion of logs and forensic evidence
• Excess privilege or access
• Lack of traceability
• Unauthorized system changes

CONTROL STATEMENT
Access to administrator-level operating system accounts is restricted to the maximum extent possible. Usage is controlled, monitored, and only permitted for relevant activities such as software installation and configuration, maintenance, and emergency activities. At all other times, an account with least privilege access is used.

CONTROL CONTEXT
Tightly protecting administrator-level accounts within the operating system reduces the opportunity for an attacker to use the privileges of the account as part of an attack (for example, executing commands, deleting evidence).

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives). As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture.
The control statement is a suggested means to fulfil the control objective and the implementation guidelines are common methods for implementing the control. Even though guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as the specificities of the particular environment have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user adequately restricted and controlled the allocation and usage of administrator-level operating system accounts?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
1.5A CUSTOMER ENVIRONMENT PROTECTION

CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure the protection of the customer’s connectivity infrastructure from the external environment and potentially compromised elements of the general IT environment.

IN-SCOPE COMPONENTS
• Customer connector
• Dedicated and general-purpose operator PCs
• Jump server

Note: This control must be considered by Architecture types A1, A2 and A3 when a customer connector is also present outside of an existing SWIFT secure zone.

RISK DRIVERS
• Compromise of enterprise authentication system
• Compromise of user credentials
• Credential replay
• Exposure to internet-based attacks
• Unauthorized access

CONTROL STATEMENT
A separated secure zone safeguards the customer's infrastructure used for external connectivity from external environments and compromises or attacks on the broader enterprise environment.

CONTROL CONTEXT
Segmentation between the customer's connectivity infrastructure and its larger enterprise network reduces the attack surface and has been shown to be an effective way to defend against cyber attacks that commonly involve compromise of the general enterprise IT environment. Effective segmentation will include network-level separation, access restrictions, and connectivity restrictions.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives). As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture.
The control statement is a suggested means to fulfil the control objective and the implementation guidelines are common methods for implementing the control. Even though guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as the specificities of the particular environment have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline a) Overall design goals for implementing environment separation
Has the user adequately defined and documented design goals for implementing environment separation?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline b) Scope of the secure zone
Has the user adequately defined and implemented the scope for the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline c) Protection of the secure zone - Boundary protection
Has the user adequately implemented boundary protections for the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline d.1) Access to the secure zone systems - Local operator (end user and administrator) access
Has the user adequately controlled local operator (end user and administrator) access to the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline d.2) Access to the secure zone systems - Remote operator access
Has the user adequately controlled remote operator (teleworker, "on-call" staff, remote administrator) access to the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Guideline e) Separation from general enterprise IT services
Has the user adequately separated the secure zone from general enterprise IT services?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.4A BACK-OFFICE DATA FLOW SECURITY

CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back office first hop they connect to.

IN-SCOPE COMPONENTS
• Data exchange layer: flows of financial transactions between the local or remote (hosted or operated by a third party, or both) SWIFT-related components (interfaces, GUI or SWIFT and customer connectors) and the back-office first hops at the application level they are connected to (directly or through middleware).

RISK DRIVERS
• Loss of sensitive data confidentiality
• Loss of sensitive data integrity
• Unauthenticated system traffic

CONTROL STATEMENT
Confidentiality, integrity, and authentication mechanisms (at system, transport or message level) are implemented to protect data flows between SWIFT infrastructure components and the back-office first hops they connect to.

CONTROL CONTEXT
Protection of data flows/connections between the back office first hops, at application level, as seen from the SWIFT or customer secure zone, and the SWIFT infrastructure safeguards against man-in-the-middle, unintended disclosure, modification, and data access while in transit.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives). As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture.
The control statement is a suggested means to fulfil the control objective and the implementation guidelines are common methods for implementing the control. Even though guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as the specificities of the particular environment have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user adequately ensured the confidentiality, integrity, and mutual authenticity of data flows between SWIFT infrastructure components and the back office first hop they connect to?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.5A EXTERNAL TRANSMISSION DATA PROTECTION

CONTROL INFORMATION

CONTROL OBJECTIVE
Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes.

IN-SCOPE COMPONENTS
• SWIFT-related secure zone sensitive data (such as back-ups, business transaction details and credentials)

RISK DRIVERS
• Compromise of trusted backup data
• Loss of sensitive data confidentiality

CONTROL STATEMENT
Sensitive SWIFT-related data leaving the secure zone as the result of (i) operating system/application backups, business transaction data replication for archiving or recovery purposes or (ii) extraction for off-line processing is protected when stored outside of a secure zone and encrypted while in transit.

CONTROL CONTEXT
While 2.4A covers the (back office) application flows with the SWIFT-related components, this control covers the underlying SWIFT-related data residing in the cloud or exported from the secure zone and manipulated as per operational activities (such as back-ups or manual/automated data extraction/copies).
Operating system or application backups and replication of business transaction data can provide useful information to prepare fraudulent transactions. Their transfer, handling and storage outside of secure zones (when, for example, using SAN/NAS technology) therefore have to be secured to prevent unauthorised access. Flow or data encryption are usual means to protect such data in transit.
Back-up encryption, encryption of data at rest or appropriate authorisation and access control are usual means to protect stored data.
Off-line processing covers, for example, processing performed for support activities, additional analysis or business intelligence activities.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives). As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture.
The control statement is a suggested means to fulfil the control objective and the implementation guidelines are common methods for implementing the control. Even though guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as the specificities of the particular environment have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user adequately protected the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.7 (Advisory for B)
VULNERABILITY SCANNING
CONTROL INFORMATION
CONTROL OBJECTIVE
Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results.

IN-SCOPE COMPONENTS
• Jump server
• Dedicated operator PCs
• [Advisory: General-purpose operator PCs as per the optional enhancement]
• All systems hosting a SWIFT-related component (including interface, GUI, SWIFT and customer connectors)
• [Advisory: Local or remote (hosted and/or operated by a third party) virtualisation platform (also referred to as the hypervisor) hosting SWIFT-related VMs and their management PCs as per optional enhancement]
• [Advisory A1/A2/A3: Middleware server (such as IBM® MQ server or similar) used for data exchange between back-office and SWIFT-related components]
• [Advisory A4: other Middleware server (such as an IBM® MQ server or similar) than customer connector used for data exchange between back-office and SWIFT-related components]

RISK DRIVERS
• Exploitation of known security vulnerabilities

CONTROL STATEMENT
Secure zone including dedicated operator PC systems are scanned for vulnerabilities using an up-to-date, reputable scanning tool and results are considered for appropriate resolving actions.

CONTROL CONTEXT
The detection of known vulnerabilities allows vulnerabilities to be analysed, treated, and mitigated. The mitigation of vulnerabilities reduces the number of pathways that a malicious actor can use during an attack. A vulnerability scanning process which is effective, repeatable and implemented in a timely manner, is necessary to continuously detect known vulnerabilities and to allow for further action.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user identified known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and acted upon results?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.8A
CRITICAL ACTIVITY OUTSOURCING
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities.

IN-SCOPE COMPONENTS
• Organisational control applicable when outsourcing critical SWIFT related activities to a third party or a service provider.
Note: This control remains strongly recommended even when the activities being outsourced are not critical.

RISK DRIVERS
• Exposure to sub-standard security practices

CONTROL STATEMENT
Critical outsourced activities are protected, at a minimum, to the same standard of care as if operated within the originating organisation.

CONTROL CONTEXT
When critical activities are outsourced to third parties (for example, external IT provider or cloud provider) or services providers (such as a service bureau or a Lite2 for Business Application provider), it is essential that at a minimum, the original standard of care for security is maintained (in addition to adherence to this security control framework) to ensure that no new weaknesses or vulnerabilities are introduced.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user adequately ensured the protection of local SWIFT infrastructure from risks exposed by the outsourcing of critical activities?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.11A
RMA BUSINESS CONTROLS
CONTROL INFORMATION
CONTROL OBJECTIVE
Restrict transaction activity to validated and approved business counterparties.

IN-SCOPE COMPONENTS
• GUI
• messaging interface
• SWIFT and Customer Connector
Note: GUI, connectors and messaging interface are mentioned as the potential vector for RMA exchange and reporting

RISK DRIVERS
• Business conducted with an unauthorised counterparty

CONTROL STATEMENT
Implement RMA controls to restrict transaction activity with effective business counterparties.

CONTROL CONTEXT
Implementing business controls that restrict SWIFT transactions to the fullest extent possible reduces the opportunity for both the sending and receiving of fraudulent transactions. These restrictions are best determined through an analysis of effective business relationships where RMA is a mechanism to prevent unwanted traffic on a service by controlling who can send traffic (and what type of messages can be exchanged through RMA Plus).

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user restricted transaction activity to validated and approved counterparties?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
5.3A
STAFF SCREENING PROCESS
CONTROL INFORMATION
CONTROL OBJECTIVE
To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening.

IN-SCOPE COMPONENTS
• All staff (such as employees, agents, consultants and contractors) with operational (maintenance or administration) access to SWIFT-related systems, SWIFT and customer connector or middleware servers and local or remote virtualisation platform hosting SWIFT-related VMs, SWIFT and customer connector VMs or middleware server VMs.

RISK DRIVERS
• Untrustworthy staff or system operators

CONTROL STATEMENT
Staff operating the local SWIFT infrastructure are screened prior to initial employment in that role and periodically thereafter.

CONTROL CONTEXT
A personnel screening process, internal or external clearance, provides additional assurance that operators or administrators of the local SWIFT infrastructure are trustworthy, and reduces the risk of insider threats.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user ensured the trustworthiness of staff operating the local SWIFT environment by performing staff screening in line with applicable local laws and regulations?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
6.2 (Advisory for A4)
SOFTWARE INTEGRITY
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure the software integrity of the SWIFT-related components and act upon results.

IN-SCOPE COMPONENTS
• SWIFT connector
• GUI to the messaging and communication interface
• messaging interface
• communication interface
• RMA
• SNL
• Advisory A4: Customer connector

RISK DRIVERS
• Unauthorized system changes

CONTROL STATEMENT
A software integrity check is performed at regular intervals on messaging interface, communication interface, and other SWIFT-related components and results are considered for appropriate resolving actions.

CONTROL CONTEXT
Software integrity checks provide a detective control against unexpected modification to operational software.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user ensured the software integrity of the SWIFT-related components?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
6.3 (Advisory for A4)
DATABASE INTEGRITY
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure the integrity of the database records for the SWIFT messaging interface or the customer connector and act upon results.

IN-SCOPE COMPONENTS
• databases for messaging interface products, including a related hosted database
• databases for customer connector, including a related hosted database

Note: this requirement is not applicable for Architecture A1 if the infrastructure does not include a messaging interface and for Architecture A4, if there is no database linked to the customer connector.

RISK DRIVERS
• Loss of sensitive data integrity

CONTROL STATEMENT
A database integrity check is performed at regular intervals on databases that record SWIFT transactions and results are considered for appropriate resolving action.

CONTROL CONTEXT
Database integrity checks provide a detective control against unexpected modification to records stored within the database.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Has the user ensured the integrity of the database records for the SWIFT messaging interface?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
6.5A
INTRUSION DETECTION
CONTROL INFORMATION
CONTROL OBJECTIVE
Detect and contain anomalous network activity into and within the local or remote SWIFT environment.

IN-SCOPE COMPONENTS
• Network (data exchange layer reaching the SWIFT-related components and inside the secure zone)
• Remote (hosted and/or operated by a third party) virtualisation platform supporting the user SWIFT environment

RISK DRIVERS
• Undetected anomalies or suspicious activity

CONTROL STATEMENT
Intrusion detection is implemented to detect unauthorised network access and anomalous activity.

CONTROL CONTEXT
Intrusion detection systems are most commonly implemented on a network (NIDS) – establishing a baseline for normal operations and sending notifications when abnormal activity on the network is detected. As an operational network becomes more complex (for example, systems communicating to many destinations, Internet access), so does the intrusion detection capability needed to perform adequate detection. Therefore, simplifying network behaviour is a helpful enabler for more straightforward and effective intrusion detection solutions.
Host intrusion detection systems (HIDS) are intended to protect the individual system they are implemented on, and also inspect the network packets on that system's network interfaces, similar to the way an NIDS operates.
Intrusion detection systems (NIDS or HIDS) often combine signature- and anomaly-based detection methods. Some systems have the ability to respond to any detected intrusion (for example, terminating the connection).
Endpoint detection and response (EDR) is an emerging technology that addresses the need for continuous monitoring and response to advanced threats by detecting suspicious activities and (traces of) other problems on hosts/endpoints. This technology is more frequently combined with an endpoint protection platform (EPP) that focuses at the device level.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline
Does the user detect and prevent anomalous network activity into and within the local SWIFT environment?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
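The control context describes the two detection methods an NIDS typically combines: a baseline of normal operations with notification on deviation, and signature matching. The following is an added example, written for this page rather than taken from the CSCF or any vendor product, that runs both over constructed flow records in a simplified "timestamp source destination port protocol" form. The hosts, addresses and the single signature rule are invented for the example. It also makes the context's remark about simplicity concrete: because the baseline zone has only a handful of (source, destination, port) combinations, every flow outside that set is a meaningful alert rather than noise.

```python
from collections import Counter

# Constructed flow records from a learning period (normal operations).
# Not captures from any real SWIFT environment.
BASELINE_FLOWS = """\
2024-01-15T08:00:01 10.10.1.20 10.10.2.5 443 tcp
2024-01-15T08:00:05 10.10.1.20 10.10.2.5 443 tcp
2024-01-15T08:01:10 10.10.1.21 10.10.2.5 443 tcp
2024-01-15T08:02:00 10.10.2.5 10.10.3.9 1521 tcp
2024-01-15T08:02:30 10.10.1.20 10.10.2.5 443 tcp
"""

# Constructed flow records from a later monitoring period.
MONITORED_FLOWS = """\
2024-01-16T08:00:01 10.10.1.20 10.10.2.5 443 tcp
2024-01-16T08:00:07 10.10.1.20 198.51.100.7 443 tcp
2024-01-16T08:00:09 10.10.2.5 10.10.3.9 1521 tcp
2024-01-16T08:00:12 10.10.1.22 10.10.2.5 22 tcp
2024-01-16T08:00:15 10.10.2.5 10.10.3.9 23 tcp
"""

# Signature rules as (name, destination port, protocol); constructed for the example.
SIGNATURES = [
    ("cleartext-telnet-inside-secure-zone", 23, "tcp"),
]


def parse_flows(text):
    """Parse the simplified flow format into dictionaries."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, dport, proto = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto})
    return flows


def build_baseline(flows):
    """Baseline = set of (src, dst, dport, proto) tuples seen during normal operations."""
    return {(f["src"], f["dst"], f["dport"], f["proto"]) for f in flows}


def detect(flows, baseline, signatures):
    """Combine signature matching and baseline deviation; return alert tuples.

    Each alert is (kind, rule, timestamp, src, dst) where kind is
    "signature" or "anomaly".
    """
    alerts = []
    for f in flows:
        key = (f["src"], f["dst"], f["dport"], f["proto"])
        for name, port, proto in signatures:
            if f["dport"] == port and f["proto"] == proto:
                alerts.append(("signature", name, f["ts"], f["src"], f["dst"]))
        if key not in baseline:
            alerts.append(("anomaly", "flow-not-in-baseline", f["ts"], f["src"], f["dst"]))
    return alerts


def summarise(alerts):
    """Count alerts per detection kind, the figure an operator would be notified with."""
    return dict(Counter(kind for kind, *_ in alerts))


def run():
    """Learn the baseline from one period and evaluate the next one against it."""
    baseline = build_baseline(parse_flows(BASELINE_FLOWS))
    return detect(parse_flows(MONITORED_FLOWS), baseline, SIGNATURES)


if __name__ == "__main__":
    for alert in run():
        print(alert)
    print(summarise(run()))
```

In the monitored period the new external destination (198.51.100.7), the new source host (10.10.1.22) and the telnet flow all fall outside the baseline; the telnet flow additionally matches the signature, so it raises two alerts. When reviewing a user's NIDS, the questions that matter are whether the baseline covers the whole data exchange layer into the secure zone, how often it is refreshed, and who receives and acts on the notifications.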
7.3A
PENETRATION TESTING
CONTROL INFORMATION
CONTROL OBJECTIVE
Validate the operational security configuration and identify security gaps by performing penetration testing.

IN-SCOPE COMPONENTS
• General-purpose operator PC or, when used, jump server used to access the secure zone
• Dedicated operator PCs
• Data exchange layer (the entry points to the secure zone or flows established to the secure zone components should be considered)
• SWIFT-related components (including interfaces, GUI, SWIFT and customer connectors)
• Systems or virtual machines hosting SWIFT-related components
• Network devices protecting the secure zone
• Remote (operated by a third party) virtualisation platform (also referred to as the hypervisor) hosting SWIFT-related VMs and their management PCs

RISK DRIVERS
• Unknown security vulnerabilities or security misconfigurations

CONTROL STATEMENT
Application, host, and network penetration testing is conducted towards the secure zone and the operator PCs or, when used, the jump server.

CONTROL CONTEXT
Penetration testing is based on simulated attacks that use similar technologies to those deployed in real attacks. It is used to determine the pathways that attackers might use, and the depth to which the attackers may be able to access the targeted environment. Conducting these simulations is an effective tool for identifying weaknesses in the environment which may require correction, improvement, or additional controls.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline
Has the user validated the operational security configuration and identified security gaps by performing penetration testing?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
7.4A
SCENARIO RISK ASSESSMENT
CONTROL INFORMATION
CONTROL OBJECTIVE
Evaluate the risk and readiness of the organization based on plausible cyber attack scenarios.

IN-SCOPE COMPONENTS
• Organizational control (people, processes and infrastructure), to be also met by a third party operating a remote virtualisation platform (also referred to as the hypervisor) hosting SWIFT-related VMs

RISK DRIVERS
• Excess harm from deficient cyber readiness
• Unidentified sensitivity to cyber exposure

CONTROL STATEMENT
Scenario-based risk assessments are conducted regularly to improve incident response preparedness and to increase the maturity of the organization's security programme.

CONTROL CONTEXT
Scenario-based risk assessments, including cyberwar games, test various attacks on existing systems and processes targeting the hosted SWIFT-related infrastructure. Scenario-based risk assessments include technical and business-driven exercises performed as part of institution risk management.

Such an assessment considers the following non-exhaustive threats: end-user impersonation, message tampering, message eavesdropping, third-party software weaknesses, compromising systems or Denial of Service (DoS) attacks affecting service availability. Results of the assessment and existing mitigations help to identify areas of risk that may require future actions, risk mitigations or an update of the cyber incident response plan.

Identified actions, mitigations, or updates have to be reported and followed up for closure according to their criticality as per the Information Security Risk Management (ISRM) process.

Several ISRM frameworks exist and can be consulted (for example, on NIST, ENISA, COBRA or ISO sites, or from a local or regulator's standard or controls set of the same rigour as the industry guidance) to define the user's proper ISRM and resources (such as CIS Critical Security Controls). These frameworks can be used to start implementing a basic risk management process to be further enhanced to address the user's specific risks.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline
Has the user evaluated the risk and readiness of the organization based on plausible cyber attack scenarios?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
