The SWIFT CSCF (Customer Security Controls Framework)

Security controls for financial organisations

What is the SWIFT CSP?

SWIFT (the Society for Worldwide Interbank Financial Telecommunication) provides the global messaging system that financial organisations use to transmit information and instructions securely.

Its CSP (Customer Security Programme) helps financial organisations ensure their cyber security defences are adequate and up to date.

What is the SWIFT CSCF?

As part of the CSP, SWIFT established the CSCF (Customer Security Controls Framework) to help organisations in the financial services industry implement a baseline of security.

Last updated in July 2021, the SWIFT CSCF comprises a set of 21 mandatory and 10 advisory security controls for the operating environment of SWIFT users.

CSCF objectives, principles and controls

The 31 CSCF v2022 controls are grouped according to 3 objectives, which are broken down further into 8 principles:

  1. Secure your Environment
    1. Restrict Internet access
    2. Segregate critical systems from general IT environment
    3. Reduce attack surface and vulnerabilities
    4. Physically secure the environment
  2. Know and Limit Access
    1. Prevent compromise of credentials
    2. Manage identities and segregate privileges
  3. Detect and Respond
    1. Detect anomalous activity to system or transaction records
    2. Plan for incident response and information sharing

Control definitions are aligned with information security best practice. SWIFT users can find these on mySWIFT, along with complementary security guidance documents.

CSCF self-attestation and assessment

Users can compare the security controls they have implemented with those listed in the CSCF to identify and remediate any compliance gaps.

They must then submit an annual self-attestation of their compliance with the mandatory elements of the CSCF, between July and December.

Self-attestations must be independently assessed via an internal and/or external assessment.

How IT Governance can help your SWIFT CSCF compliance

We have more than 20 years of experience helping organisations meet their IT governance, risk management and compliance objectives.

  • We are listed in SWIFT’s directory of CSP assessment providers, approved to perform assessments globally.
  • Our specialist team has extensive cyber security project expertise, particularly within the financial services sector.
  • Our experts have implemented cyber security programmes for hundreds of organisations across a multitude of industries in both the private and public sectors.
  • We have a strong understanding of a wide range of different technology landscapes.
  • Our transparent proposals are fixed price, so you won’t get any surprises.
  • You will have access to a dedicated account manager throughout the project.

IT Governance is recognised under the following frameworks:

  • CREST certified as ethical security testers.
  • Certified under Cyber Essentials Plus, the UK government-backed cyber security certification scheme.
  • Certified to ISO 27001:2013, the world’s most recognised cyber security standard.

We can provide all the cyber security and information security services and resources you need to ensure your organisation follows industry-recognised best practice and can demonstrate its compliance with the CSCF.

Speak to a CSCF expert

As well as advising on cyber risk management, cyber security and information security best practice, we can:

Call us now on +0333 256 1926 or request a call back using the form below.
