Updated Customer Security Guidance documentation now available for Alliance and AMH users
As part of the Customer Security Programme (CSP), SWIFT has published a Customer Security Controls Framework (CSCF) – a baseline set of core security controls that every SWIFT customer must implement to strengthen their local security.
The controls, which are predominantly mandatory, aim to spread security best practice to ensure a baseline level of security across all customers’ systems and processes within their SWIFT infrastructure. Since the first CSCF in 2017, there have been annual updates to keep ahead of the evolving tactics and techniques of cyber criminals.
The CSCF 2019 update provides additional guidance and clarification about the implementation guidelines and includes changes to the existing controls, including the promotion of three existing advisory controls to mandatory and the introduction of two new advisory controls.
In addition, SWIFT has published some product-specific Security Guidance (SG) documents. These documents provide SWIFT's minimum set of security-related recommendations and additional guidance on how the existing security features in SWIFT Messaging interfaces suite should be configured to align with the CSCF 2019. SWIFT Messaging interfaces covered by these latest SG documents include release 7.2 (or higher) of Alliance Web Platform Server-Embedded, Alliance Access/Entry, Alliance Gateway, and SWIFTNet Link, as well as all releases of Alliance Messaging Hub (AMH).
SWIFT customers must read the relevant Security Guidance and verify the implementation in their local SWIFT configuration. Please login to swift.com for the Security Controls and Mapping with Security Guidance (24 June 2019) for a list of links to the relevant CSCF, security guideline and mapping documentation. The diagram below illustrates the dependencies between those documents.
The mapping between the CSCF controls with the Alliance Security Guidance documents is contained in a separate document, while for AMH this mapping is included in the AMH Security Guidance document itself.
In parallel, SWIFT also regularly publishes new updates within its products portfolio, including the AMH and the Alliance suite family. These new product versions include software security features aimed at mitigating the risks of fraud.