The information herein is confidential and will not be disclosed to third parties without written permission. Template Copyright © S.W.I.F.T. SCRL, 2019
Revision record

Date       Change
31-Jan-20  Removed the Completion letter tab to make it a standalone Word document
31-Jan-20  Inserted a clause on each control, before the Implementation guidelines, to stress the risk-based approach to be used by assessors
31-Jan-20  Inserted a revision record sheet
17-Jul-20  Alignment with CSCF v2021
30-Nov-20  Inserted A4, changed the text for the completion letter, reviewed colour coding
12-Oct-21  Updated for v2022
Template Version: 2019
1.2 OPERATING SYSTEM PRIVILEGED ACCOUNT CONTROL (Advisory for B)

CONTROL INFORMATION

CONTROL OBJECTIVE
Restrict and control the allocation and usage of administrator-level operating system accounts.

IN-SCOPE COMPONENTS
Administrator-level accounts defined on the following components:
• Systems or virtual machines (VMs) hosting a SWIFT-related component (including interface, GUI, SWIFT or customer connector)
• Dedicated operator PCs
• Network devices protecting the secure zone
• Local or remote (hosted and/or operated by a third party) virtualisation platform (also referred to as the hypervisor) hosting SWIFT-related VMs
• [Advisory A1/A2/A3: Middleware server (such as IBM® MQ server or similar), other than the customer connector, used for data exchange between back-office and SWIFT-related components]
• [Advisory: General-purpose operator PC]

RISK DRIVERS
• Deletion of logs and forensic evidence
• Lack of traceability
• Unauthorized system changes

CONTROL STATEMENT
Access to administrator-level operating system accounts is restricted to the maximum extent possible. Usage is controlled, monitored, and only permitted for relevant activities such as software installation and configuration, maintenance, and emergency activities. At all other times, an account with least privilege access is used.

CONTROL CONTEXT
Tightly protecting administrator-level accounts within the operating system reduces the opportunity for an attacker to use the privileges of the account as part of an attack (for example, executing commands, deleting evidence).

ASSESSMENT RESULTS

Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user adequately restricted and controlled the allocation and usage of administrator-level operating system accounts?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>
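The control statement above asks for two things an assessor can verify from host artefacts: that administrator-level accounts are allocated only to approved people (allocation), and that privileged access is used only for maintenance and emergency work (usage). The script below is an added example, not part of the SWIFT template or of any SWIFT product. It checks both on a Linux host: it derives the set of root-equivalent accounts (uid 0 plus sudo/wheel group membership) from /etc/passwd and /etc/group content and compares it with an approved list, then scans sudo log lines for privileged commands executed outside an approved maintenance window. The passwd, group and log content, the approved list, the group names and the window are all constructed assumptions.

```python
"""Added example (not part of the SWIFT CSCF template): an assessor-style
check for control 1.2 on a Linux host. It (1) lists accounts that hold
administrator-level rights (uid 0, or membership of the sudo/wheel groups)
and compares them with the approved list, and (2) scans sudo log lines for
privileged use outside an approved maintenance window. All inputs below are
constructed samples; file contents, group names and the window are assumptions.
"""
from datetime import datetime
import re

# Constructed sample of /etc/passwd and /etc/group content (not a real host).
PASSWD = """root:x:0:0:root:/root:/bin/bash
swiftadm:x:1001:1001::/home/swiftadm:/bin/bash
opsbackup:x:0:0::/home/opsbackup:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
"""
GROUP = """root:x:0:
sudo:x:27:swiftadm,alice
wheel:x:10:
"""
# Assumed: the approved administrator list taken from the user's access records.
APPROVED_ADMINS = {"root", "swiftadm"}
ADMIN_GROUPS = {"sudo", "wheel"}

# Constructed sudo log lines in the syslog format sudo writes on Debian/Ubuntu.
AUTH_LOG = """Mar  3 02:10:41 saa01 sudo:   swiftadm : TTY=pts/0 ; PWD=/opt/swift ; USER=root ; COMMAND=/usr/bin/apt-get install saa-patch
Mar  3 02:12:07 saa01 sudo:   swiftadm : TTY=pts/0 ; PWD=/opt/swift ; USER=root ; COMMAND=/bin/systemctl restart saa
Mar  3 14:31:55 saa01 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/rm -rf /var/log/audit
Mar  3 14:35:02 saa01 sudo:   swiftadm : TTY=pts/2 ; PWD=/home/swiftadm ; USER=root ; COMMAND=/bin/cat /etc/shadow
"""
# Assumed approved maintenance window: 02:00-04:00 on 3 March (year assumed, syslog omits it).
WINDOW_START = datetime(2024, 3, 3, 2, 0)
WINDOW_END = datetime(2024, 3, 3, 4, 0)

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sudo:\s+(?P<user>\S+) : "
    r".*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)


def admin_accounts(passwd=PASSWD, group=GROUP):
    """Return the set of accounts holding administrator-level rights."""
    admins = set()
    for line in passwd.splitlines():
        name, _, uid, *_ = line.split(":")
        if uid == "0":  # any uid-0 account is root-equivalent, whatever its name
            admins.add(name)
    for line in group.splitlines():
        gname, _, _, members = line.split(":")
        if gname in ADMIN_GROUPS and members:
            admins.update(members.split(","))
    return admins


def unapproved_admins(passwd=PASSWD, group=GROUP, approved=APPROVED_ADMINS):
    """Admin-level accounts that are not on the approved list (allocation finding)."""
    return sorted(admin_accounts(passwd, group) - approved)


def privileged_use_outside_window(log=AUTH_LOG, year=2024,
                                  start=WINDOW_START, end=WINDOW_END):
    """sudo events running as root outside the maintenance window (usage finding)."""
    findings = []
    for line in log.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["target"] == "root" and not (start <= ts <= end):
            findings.append((m["user"], ts.strftime("%Y-%m-%d %H:%M:%S"), m["cmd"]))
    return findings


if __name__ == "__main__":
    print("admin-level accounts:", sorted(admin_accounts()))
    print("not on approved list:", unapproved_admins())
    for user, when, cmd in privileged_use_outside_window():
        print(f"out-of-window privileged use: {user} at {when}: {cmd}")
```

On the constructed input the allocation check flags opsbackup (a second uid-0 account that is easy to miss when only group membership is reviewed) and alice (sudo member not on the approved list); the usage check flags the two afternoon commands, one of which removes audit logs, which is exactly the "deletion of logs and forensic evidence" risk driver. In a real assessment the log source would be the host's auth log or a central SIEM export, and the window would come from the change records.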
CUSTOMER ENVIRONMENT PROTECTION

CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure the protection of the customer's connectivity infrastructure from the external environment and potentially compromised elements of the general IT environment.

IN-SCOPE COMPONENTS
• Customer connector
• Dedicated and general-purpose operator PCs
• Jump server
Note: This control must be considered by Architecture types A1, A2 and A3 when a customer connector is also present outside of an existing SWIFT secure zone.

RISK DRIVERS
• Compromise of enterprise authentication system
• Compromise of user credentials
• Credential replay
• Exposure to internet-based attacks
• Unauthorized access

CONTROL STATEMENT
A separated secure zone safeguards the customer's infrastructure used for external connectivity from external environments and from compromises or attacks on the broader enterprise environment.

CONTROL CONTEXT
Segmentation between the customer's connectivity infrastructure and its larger enterprise network reduces the attack surface and has been shown to be an effective way to defend against cyber attacks that commonly involve compromise of the general enterprise IT environment. Effective segmentation will include network-level separation, access restrictions, and connectivity restrictions.

ASSESSMENT RESULTS

Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline

a) Overall design goals for implementing environment separation
Has the user adequately defined and documented design goals for implementing environment separation?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

b) Scope of the secure zone
Has the user adequately defined and implemented the scope for the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

c) Protection of the secure zone - Boundary protection
Has the user adequately implemented boundary protections for the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

d.1) Access to the secure zone systems - Local operator (end user and administrator) access
Has the user adequately controlled local operator (end user and administrator) access to the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

d.2) Access to the secure zone systems - Remote operator access
Has the user adequately controlled remote operator (teleworker, "on-call" staff, remote administrator) access to the secure zone?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

e) Separation from general enterprise IT services
Has the user adequately separated the secure zone from general enterprise IT services?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>
2.4A BACK-OFFICE DATA FLOW SECURITY

CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure the confidentiality, integrity, and mutual authenticity of data flows between local or remote SWIFT infrastructure components and the back-office first hop they connect to.

IN-SCOPE COMPONENTS
• Data exchange layer: flows of financial transactions between the local or remote (hosted or operated by a third party, or both) SWIFT-related components (interfaces, GUI or SWIFT and customer connectors) and the back-office first hops at the application level they are connected to (directly or through middleware).

RISK DRIVERS

CONTROL STATEMENT
Confidentiality, integrity, and authentication mechanisms (at system, transport or message level) are implemented to protect data flows between SWIFT infrastructure components and the back-office first hops they connect to.

CONTROL CONTEXT
Protecting the data flows/connections between the SWIFT infrastructure and the back-office first hops (at application level, as seen from the SWIFT or customer secure zone) safeguards against man-in-the-middle attacks, unintended disclosure, modification, and data access while in transit.

ASSESSMENT RESULTS

Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user adequately ensured the confidentiality, integrity, and mutual authenticity of data flows between SWIFT infrastructure components and the back-office first hop they connect to?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>
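The control statement leaves the level of the mechanism open (system, transport or message). The script below is an added example, not part of the SWIFT template or of any SWIFT interface or connector, of the message-level option for integrity and authentication: the back-office side and the connector side share a key, every message carries an HMAC-SHA256 tag over a strictly increasing sequence number and the payload, and the receiver rejects tampered and replayed messages. Run in both directions it gives the mutual authenticity the objective asks for; it gives no confidentiality, which in a real deployment still comes from encryption on the link (for example TLS) or of the message body. The key, the sequence scheme, the message framing and the sample payment payload are all assumptions.

```python
"""Added example (not from the SWIFT CSCF or any SWIFT product): a minimal
message-level integrity and authentication mechanism for a back-office to
SWIFT-connector flow, illustrating one way to meet control 2.4A. Both sides
hold the same secret key, every message is tagged with HMAC-SHA256 over a
strictly increasing sequence number plus the payload, and the receiver
rejects tampered or replayed messages. Key, sequence scheme and message
format are assumptions. Integrity and authentication only: confidentiality
needs encryption on top (for example TLS on the link).
"""
import hashlib
import hmac
import json

# Assumed shared secret; in practice provisioned per link and held in a key store.
SHARED_KEY = bytes.fromhex(
    "2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c")


def canonical(seq: int, payload: bytes) -> bytes:
    """Bytes that get authenticated: fixed-width sequence number, then payload."""
    return seq.to_bytes(8, "big") + payload


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def send(self, payload: bytes) -> dict:
        """Tag the payload; the sequence number binds it to its position in the flow."""
        self.seq += 1
        tag = hmac.new(self.key, canonical(self.seq, payload), hashlib.sha256).hexdigest()
        return {"seq": self.seq, "payload": payload.decode(), "tag": tag}


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def receive(self, msg: dict) -> bytes:
        """Return the payload, or raise if the tag is wrong or the message is a replay."""
        payload = msg["payload"].encode()
        expected = hmac.new(self.key, canonical(msg["seq"], payload), hashlib.sha256).hexdigest()
        # Constant-time comparison so a tag check does not leak timing information.
        if not hmac.compare_digest(expected, msg["tag"]):
            raise ValueError("integrity/authentication failure: bad tag")
        if msg["seq"] <= self.last_seq:
            raise ValueError("replay detected: sequence %d already seen" % msg["seq"])
        self.last_seq = msg["seq"]
        return payload


def demo() -> dict:
    """Walk a genuine message, a tampered copy and a replayed copy through one receiver."""
    sender, receiver = Sender(SHARED_KEY), Receiver(SHARED_KEY)
    # Constructed sample payment instruction (not a real message format).
    payment = json.dumps(
        {"amount": "1000.00", "ccy": "EUR", "benef": "DE89370400440532013000"}).encode()
    msg = sender.send(payment)
    results = {"genuine": receiver.receive(msg) == payment}

    # Man-in-the-middle changes the amount but cannot recompute the tag.
    tampered = dict(msg, payload=msg["payload"].replace("1000.00", "9000.00"))
    try:
        receiver.receive(tampered)
        results["tampered_rejected"] = False
    except ValueError:
        results["tampered_rejected"] = True

    # Identical, correctly tagged message sent a second time.
    try:
        receiver.receive(msg)
        results["replay_rejected"] = False
    except ValueError:
        results["replay_rejected"] = True

    # The next genuine message still goes through after the rejections.
    results["next_genuine"] = receiver.receive(sender.send(b"ack")) == b"ack"
    return results


if __name__ == "__main__":
    print(demo())
```

The tag is verified before the sequence check so that an attacker cannot learn which sequence numbers are still acceptable by submitting unauthenticated probes. A production implementation would also bound how far ahead a sequence number may jump, persist the receiver's counter across restarts, and rotate the key; none of that changes the shape of the check.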
EXTERNAL TRANSMISSION DATA PROTECTION

CONTROL INFORMATION

CONTROL OBJECTIVE
Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes.

IN-SCOPE COMPONENTS
• SWIFT-related secure zone sensitive data (such as back-ups, business transaction details and credentials)

RISK DRIVERS
• Compromise of trusted backup data
• Loss of sensitive data confidentiality

CONTROL STATEMENT
Sensitive SWIFT-related data leaving the secure zone as the result of (i) operating system/application backups or business transaction data replication for archiving or recovery purposes, or (ii) extraction for off-line processing, is protected when stored outside of a secure zone and encrypted while in transit.

CONTROL CONTEXT
While 2.4A covers the (back-office) application flows with the SWIFT-related components, this control covers the underlying SWIFT-related data residing in the cloud or exported from the secure zone and handled as part of operational activities (such as back-ups or manual/automated data extraction/copies).
Operating system or application backups and replication of business transaction data can provide useful information to prepare fraudulent transactions. Their transfer, handling and storage outside of secure zones (when, for example, using SAN/NAS technology) therefore have to be secured to prevent unauthorised access. Flow or data encryption are the usual means to protect such data in transit. Back-up encryption, encryption of data at rest, or appropriate authorisation and access control are the usual means to protect stored data.
Off-line processing covers, for example, processing performed for support activities, additional analysis or business intelligence activities.

ASSESSMENT RESULTS

Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user adequately protected the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>
VULNERABILITY SCANNING

CONTROL INFORMATION

CONTROL OBJECTIVE
Identify known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and act upon results.

IN-SCOPE COMPONENTS
• Jump server
• Dedicated operator PCs
• [Advisory: General-purpose operator PCs as per the optional enhancement]
• All systems hosting a SWIFT-related component (including interface, GUI, SWIFT and customer connectors)
• [Advisory: Local or remote (hosted and/or operated by a third party) virtualisation platform (also referred to as the hypervisor) hosting SWIFT-related VMs and their management PCs, as per the optional enhancement]
• [Advisory A1/A2/A3: Middleware server (such as IBM® MQ server or similar) used for data exchange between back-office and SWIFT-related components]
• [Advisory A4: Middleware server (such as an IBM® MQ server or similar), other than the customer connector, used for data exchange between back-office and SWIFT-related components]

RISK DRIVERS
• Exploitation of known security vulnerabilities

CONTROL STATEMENT
Secure zone systems, including dedicated operator PCs, are scanned for vulnerabilities using an up-to-date, reputable scanning tool, and results are considered for appropriate resolving actions.

CONTROL CONTEXT
The detection of known vulnerabilities allows them to be analysed, treated, and mitigated. The mitigation of vulnerabilities reduces the number of pathways that a malicious actor can use during an attack. A vulnerability scanning process which is effective, repeatable and implemented in a timely manner is necessary to continuously detect known vulnerabilities and to allow for further action.

ASSESSMENT RESULTS

Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user identified known vulnerabilities within the local SWIFT environment by implementing a regular vulnerability scanning process and acted upon the results?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>
CRITICAL ACTIVITY OUTSOURCING

CONTROL INFORMATION

CONTROL OBJECTIVE
Ensure protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities.

IN-SCOPE COMPONENTS
• Organisational control applicable when outsourcing critical SWIFT-related activities to a third party or a service provider.
Note: This control remains strongly recommended even when the activities being outsourced are not critical.

RISK DRIVERS

CONTROL STATEMENT
Critical outsourced activities are protected, at a minimum, to the same standard of care as if operated within the originating organisation.

CONTROL CONTEXT
When critical activities are outsourced to third parties (for example, an external IT provider or cloud provider) or service providers (such as a service bureau or a Lite2 for Business Application provider), it is essential that, at a minimum, the original standard of care for security is maintained (in addition to adherence to this security control framework) to ensure that no new weaknesses or vulnerabilities are introduced.

ASSESSMENT RESULTS

Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user adequately ensured the protection of the local SWIFT infrastructure from risks exposed by the outsourcing of critical activities?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>
Recommendations
TY OUTSOURCING
he documented in-scope
RMA BUSINESS CONTROLS
CONTROL INFORMATION
CONTROL OBJECTIVE
Restrict transaction activity to validated and approved business counterparties.
IN-SCOPE COMPONENTS
• GUI
• messaging interface
• SWIFT and Customer Connector
Note: GUI, connectors and messaging interface are mentioned as the potential vector for RMA exchange and reporting.
RISK DRIVERS
• Business conducted with an unauthorised counterparty
CONTROL STATEMENT
Implement RMA controls to restrict transaction activity with effective business counterparties.
CONTROL CONTEXT
Implementing business controls that restrict SWIFT transactions to the fullest extent possible reduces the opportunity for both the sending and receiving of fraudulent transactions. These restrictions are best determined through an analysis of effective business relationships, where RMA is a mechanism to prevent unwanted traffic on a service by controlling who can send traffic (and what type of messages can be exchanged, through RMA Plus).
ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).
Guideline: Has the user restricted transaction activity to validated and approved counterparties?
Summary: <Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Overall Control Disposition:
Recommendations: <Recommendations for security enhancements / improvements>
STAFF SCREENING PROCESS
CONTROL INFORMATION
CONTROL OBJECTIVE
To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening.
IN-SCOPE COMPONENTS
• All staff (such as employees, agents, consultants and contractors) with operational (maintenance or administration) access to SWIFT-related systems, SWIFT and customer connector or middleware servers, and local or remote virtualisation platforms hosting SWIFT-related VMs, SWIFT and customer connector VMs or middleware server VMs.
RISK DRIVERS
CONTROL STATEMENT
Staff operating the local SWIFT infrastructure are screened prior to initial employment in that role and periodically thereafter.
CONTROL CONTEXT
A personnel screening process, internal or external clearance, provides additional assurance that operators or administrators of the local SWIFT infrastructure are trustworthy, and reduces the risk of insider threats.
ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).
Guideline: Has the user ensured the trustworthiness of staff operating the local SWIFT environment by performing staff screening in line with applicable local laws and regulations?
Summary: <Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Overall Control Disposition:
Recommendations: <Recommendations for security enhancements / improvements>
SOFTWARE INTEGRITY
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure the software integrity of the SWIFT-related components and act upon results.
IN-SCOPE COMPONENTS
• SWIFT connector
• GUI to the messaging and communication interface
• messaging interface
• communication interface
• RMA
• SNL
• Advisory A4: Customer connector
RISK DRIVERS
• Unauthorised system changes
CONTROL STATEMENT
A software integrity check is performed at regular intervals on the messaging interface, communication interface and other SWIFT-related components, and the results are considered for appropriate resolving actions.
CONTROL CONTEXT
Software integrity checks provide a detective control against unexpected modification to operational software.
ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).
Guideline: Has the user ensured the software integrity of the SWIFT-related components?
Summary: <Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Overall Control Disposition:
Recommendations: <Recommendations for security enhancements / improvements>
DATABASE INTEGRITY
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure the integrity of the database records for the SWIFT messaging interface or the customer connector and act upon results.
IN-SCOPE COMPONENTS
• databases for messaging interface products, including a related hosted database
• databases for the customer connector, including a related hosted database
Note: this requirement is not applicable for Architecture A1 if the infrastructure does not include a messaging interface, and for Architecture A4 if there is no database linked to the customer connector.
RISK DRIVERS
CONTROL STATEMENT
A database integrity check is performed at regular intervals on databases that record SWIFT transactions, and the results are considered for appropriate resolving action.
CONTROL CONTEXT
Database integrity checks provide a detective control against unexpected modification to records stored within the database.
ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).
Guideline: Has the user ensured the integrity of the database records for the SWIFT messaging interface?
Summary: <Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Overall Control Disposition:
Recommendations: <Recommendations for security enhancements / improvements>
INTRUSION DETECTION
CONTROL INFORMATION
CONTROL OBJECTIVE
Detect and contain anomalous network activity into and within the local or remote SWIFT environment.
IN-SCOPE COMPONENTS
• Network (data exchange layer reaching the SWIFT-related components and inside the secure zone)
• Remote (hosted and/or operated by a third party) virtualisation platform supporting the user's SWIFT environment
RISK DRIVERS
• Undetected anomalies or suspicious activity
CONTROL STATEMENT
Intrusion detection is implemented to detect unauthorised network access and anomalous activity.
CONTROL CONTEXT
Intrusion detection systems are most commonly implemented on a network (NIDS), establishing a baseline for normal operations and sending notifications when abnormal activity on the network is detected. As an operational network becomes more complex (for example, systems communicating with many destinations, Internet access), so will the intrusion detection capability needed to perform adequate detection. Therefore, simplifying network behaviour is a helpful enabler for more straightforward and effective intrusion detection solutions.
Host intrusion detection systems (HIDS) are intended to protect the individual system they are implemented on, and in addition inspect the network packets on its network interfaces, similar to the way a NIDS operates.
Intrusion detection systems (NIDS or HIDS) often combine signature- and anomaly-based detection methods. Some systems have the ability to respond to a detected intrusion (for example, by terminating the connection).
Endpoint detection and response (EDR) is an emerging technology that addresses the need for continuous monitoring of and response to advanced threats by detecting suspicious activities and (traces of) other problems on hosts/endpoints. This technology is increasingly combined with an endpoint protection platform (EPP) that focuses on the device level.
ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).
Guideline: Does the user detect and prevent anomalous network activity into and within the local SWIFT environment?
Summary: <Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Overall Control Disposition:
Recommendations: <Recommendations for security enhancements / improvements>
PENETRATION TESTING
CONTROL INFORMATION
CONTROL OBJECTIVE
Validate the operational security configuration and identify security gaps by performing penetration testing.
IN-SCOPE COMPONENTS
• General-purpose operator PC or, when used, the jump server used to access the secure zone
• Dedicated operator PCs
• Data exchange layer (the entry points to the secure zone or flows established to the secure zone components should be considered)
• SWIFT-related components (including interfaces, GUI, SWIFT and customer connectors)
• Systems or virtual machines hosting SWIFT-related components
• Network devices protecting the secure zone
• Remote (operated by a third party) virtualisation platform (also referred to as the hypervisor) hosting SWIFT-related VMs and their management PCs
RISK DRIVERS
• Unknown security vulnerabilities or security misconfigurations
CONTROL STATEMENT
Application, host and network penetration testing is conducted towards the secure zone and the operator PCs or, when used, the jump server.
CONTROL CONTEXT
Penetration testing is based on simulated attacks that use similar technologies to those deployed in real attacks. It is used to determine the pathways that attackers might use, and the depth to which the attackers may be able to access the targeted environment. Conducting these simulations is an effective tool for identifying weaknesses in the environment which may require correction, improvement or additional controls.
ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).
Guideline: Has the user validated the operational security configuration and identified security gaps by performing penetration testing?
Summary: <Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Overall Control Disposition:
Recommendations: <Recommendations for security enhancements / improvements>
CONTROL INFORMATION
CONTROL OBJECTIVE
Evaluate the risk and readiness of the organization based on plausible cyber at
IN-SCOPE COMPONENTS
• Organisational control (people, processes and infrastructure) to be also met by a third party operating a remote virtualisation platform (also referred to as the hypervisor) hosting SWIFT-related VMs
CONTROL STATEMENT
Scenario-based risk assessments are conducted regularly to improve incident response preparedness and to increase
CONTROL CONTEXT
Scenario-based risk assessments, including cyberwar games, test various attacks on existin
targeting the hosted SWIFT-related infrastructure. Scenario-based risk assessment
business-driven exercises performed as part of institution risk mana
Such an assessment considers the following non-exhaustive threats: end-user impersonation, message tampering, message eavesdropping, third-par
affecting service availability. Results of the assessment and existing mitigations help to identify areas of risk that may require future a
Identified actions, mitigations or updates have to be reported and followed up for closure according to their criticality as per
Several ISRM frameworks exist and can be consulted (for example, on NIST, ENISA, COBRA or ISO sites or from a local or regulator's standard o
ISRM and resources (such as CIS Critical Security Controls). These frameworks can be used to start implementing a basic risk manag
ASSESSMENT RESULTS
Implementation Guideline-Level Detail
Assessors should use a risk-based approach to assess the user's compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user's architecture.
The control statement is a suggested means to fulfil the control objective, and the implementation guidelines are common methods for implementing the control. Even if the guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user's implementation may vary. Therefore, where some implementation guideline elements are not present or only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).
Guideline
Summary
Overall Control Disposition
Recommendations: <Recommendations for security enhancements / improvements>
o start an assessment, the implementation guidance section should never be considered as an "audit checklist" as ea
mentation guidelines elements are not present or partially covered, mitigations as well as particular environment spec
compliance adherence level (again, as per the suggested guidelines or as
Has the user evaluated the risk and readiness of the organization based on plausible cyber attack scenarios?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Summary
Control Disposition
Recommendations
mendations for security enhancements / improvements>
SCENARIO RISK ASSESSMENT
NTROL INFORMATION
ONTROL OBJECTIVE
he organization based on plausible cyber attack scenarios.
RISK DRIVERS
• Excess harm from deficient cyber readiness
• Unidentified sensitivity to cyber exposure
ONTROL STATEMENT
ent response preparedness and to increase the maturity of the organization's security programme.
ONTROL CONTEXT
erwar games, test various attacks on existing systems and processes
ucture. Scenario-based risk assessments include technical and
performed as part of institution risk management
mpering, message eavesdropping, third-party software weaknesses, compromising systems or Denial of Service (DoS) attacks
entify areas of risks that may require future actions, risk mitigations or update of the cyber incident response plan.
r closure according to their criticality as per the Information Security Risk Management (ISRM) process.
sites or from a local or regulator's standard or controls set of the same rigour as the industry guidance) to define user's proper
ed to start implementing a basic risk management process to be further enhanced to address user's specific risks.
SESSMENT RESULTS
entation Guideline-Level Detail
the CSP control; i.e. assess the security goal, regardless of the implementation method used (be it the
d guidelines or alternatives).
t: (i)Meets the stated control objective, (ii) Addresses the risks and (iii) Covers the documented in-scope
elevant for the user’s architecture.
mentation guidelines are common methods for implementing the control. Even if guidelines can be a good
nsidered as an "audit checklist" as each user’s implementation may vary. Therefore, in the case that some
as well as particular environment specificities have to be taken into account to properly assess the overall
as per the suggested guidelines or as per alternatives).
Recommendations
RISK ASSESSMENT
me.
process.
he documented in-scope