SWIFT Customer Security Programme

Mandatory controls in 2021

The  SWIFT Customer Security Controls Framework (CSCF)  is composed of mandatory and advisory security controls for SWIFT users. The mandatory security controls establish a security baseline for the entire community. They must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gains and risk reduction. The advisory controls are based on recommended practice that SWIFT recommends all users to implement. Over time, controls may change due to the evolving threat landscape, the introduction of new technologies, the evolution of security-related regulations in major jurisdictions, developments in cybersecurity practices, or user feedback,. As such, some advisory controls may become mandatory, or new controls may be added. All controls are articulated around three overarching objectives:
  • Secure your Environment
  • Know and Limit Access
  • Detect and Respond
Finally, control definitions are in line with existing information security industry standards.
The information outlined in the SWIFT Customer Security Controls Framework (CSCF) document form the general, product-agnostic controls. All users must read the controls set out in this document carefully, and prepare their own organisation for implementation. To complement the CSCF, SWIFT publishes product-specific  Security Guidance (SG) document  documents. These provide the minimum security recommendations as well as additional guidance on how the existing security features of SWIFT’s messaging interfaces suite should be configured to align with the latest CSCF. To ensure adoption, and to complement the CSCF, SWIFT publishes further details of the related attestation policy and process in the  SWIFT Customer Security Controls Framework (CSCF) Policy document. The document contains information on:
  • the requirement to attest against SWIFT’s mandatory security controls.
  • the process and timelines for submitting your attestation to the KYC-Security Attestation application.
  • the process for viewing counterparties’ attestation via the KYC Security Attestation application
  • follow-up actions in case of non-compliance according to the reporting timelines.
You want to 
 more ?

How much does the external assessment cost?

In 2021, you need to select an independent assessor such as DiXiO to review your self attestation and provide a certification to submit to SWIFT.

At DiXiO, we have developed a very efficient methodology to perform these assessments. If you know you architecture type, we can give you a price immediately ! 

If you don’t know your architecture type, leave the field empty and just answer the 2 other questions. We’ll give you the corresponding price.

DiXiO's guidance really helped us understand what is expected when it comes to SWIFT Customer Security Programme. Their support allowed us to better secure our infrastructure and collect the mandatory evidences to report to SWIFT.
Mohamed D.
Contact Us

Register for free to our SWIFT CSP webinar

    Please fill in the form to receive this document per e-mail

      Please fill in the form to receive this document per e-mail

        Please fill in the form to receive this document per e-mail

          Please fill in the form to receive this document per e-mail