Professional Documents
Culture Documents
Swift CSCF RGB
Swift CSCF RGB
Compliance
2 SWIFT Background
• 4,000+ professionals
• Consultants with relevant experience of
8-15 years and above
• Worked with 86 of the Fortune 100
• Annually serve over 2,400 clients
• Helping locally and globally across more
than 70 offices
• Delivered projects in over 48 countries
• 100% retention of top 50 clients
• Nasdaq: RECN
Traditionally
• Only Financial institutes until 2007.
SCORE Membership
Standardized Corporate Environment
Corporations
• Access the SWIFT Network
• Access is to Financial organizations not corporation to
corporation.
Governments
• Monitor activities for malicious intent.
SWIFT - FIN
Example File Types
• Application Used for inbound/outbound
messaging • BAI2, EDI, ISO 20022, XML & NACHA
Bank 1
Network
Connection
SWIFT Alliance Gateway Examples of HR Integrations
• Application to Application • PeopleSoft
Connectivity to the SWIFT IP • Workday
Network.
• Consolidates data flows to/from
SWIFT Network
SWIFT
SWIFT Reaction
• Chairman Yawar Shah Stated:
• “The growing cyber threat requires a concerted,
community-wide response.”
SWIFT CSP is created
• The goal is to help members secure the systems they
use to connect to the SWIFT network.
CSCF v2020
Self-Attestation of Compliance by Mandatory compliance.
December 31st (added controls)
2021
• 33 Controls
• 23 Mandatory
• 10 Advisory
2020
Promoted
• 31 Controls
• 21 Mandatory • 1.4A Restrict
Internet Access
2019 • 10 Advisory
• 2.11A RMA Controls
Promoted • 2.4A Back-Office
• 29 Controls
• 19 Mandatory • 1.3 Virtualization Data Flow –
Platform MQ/Middleware
• 10 Advisory
2018 • 2.10 Application Servers
Promoted Hardening New Advisory
• 27 Controls
• 2.6 Operator Session New Advisory • TBD
• 16 Mandatory Flows
2017 • 11 Advisory • 2.7 Vulnerability • 1.4A Restrict Scope Extension
Scanning Internet Access
• 27 Controls • 5.4 Password Storage • 2.11A RMA Controls • TBD
• 16 Mandatory New Advisory Scope Extension
• 11 Advisory • 1.3A Virtualization • 2.4A Back-Office
Platform Data Flow –
• 2.10 Application MQ/Middleware
Hardening Servers
Detect anomalous
activity to 6.1 Malware 6.2 Software 6.3 Database 6.4 Logging 6.5A Intrusion
systems or Protection Integrity Integrity and Monitoring Detection
transaction
records
Self-Attestations
If members are not CSCF compliant or don’t submit self-attestations their
status is visible to the SWIFT community and any member can determine
their status.
Transactions
If parties that do transactions are not compliant SWIFT will inform
counterparties and their ability to transact business and facilitate
payments will be limited.
Bank Penalties
Reserve Bank of India slapped penalties on 36 banks for non-
compliance.
Companies using SWIFT must comply with new security requirements. Compliance typically involves an assessment
approach such as the following:
Identify known vulnerabilities within the local SWIFT environment by implementing a regular
2.7 Vulnerability Scanning
vulnerability scanning process and act upon results.
Prevent that a compromise of a single authentication factor allows access into SWIFT
4.2 Multi-factor Authentication
systems, by implementing multi-factor authentication.
source: www.jpl.nasa.gov
Venus
864 F
source: www.space.com
source: www.jpl.nasa.gov
486 AD
The
Romans
rgp.com | 2019 © RGP 26