Customer Security Controls Framework
Learn more about Customer Security Controls and the Independent Assessment Framework
In July 2020, SWIFT published the Customer Security Controls Framework (CSCF) v2021.
The CSCF v2021 document provides information on changes to controls, additional guidance and many clarifications to existing controls and their associated implementation guidelines.
In 2020, SWIFT also published a revised version of the Independent Assessment Framework (IAF); this was a result of the covid-19 pandemic. This updated version factored in revised timelines for the forthcoming implementation of the independent internal or external assessment requirement.
How to access these documents
The CSCF v2021 and the revised IAF are both available on swift.com. To access the documents, you must log in to mySWIFT with your swift.com credentials via swift.com > Explore our Knowledge Centre section > Support Pages > Security attestation
In addition, SWIFT shares Indicators of Compromise (IoC) via the SWIFT ISAC Portal. These automated feeds are supplied in STIX format over TAXII protocol. In 2021, these automated feeds will migrate to MISP. Subscribed customers will need to take action to ensure a smooth migration to the new platform.
Want to find out more?
We would like to invite you to attend this information session to:
- Learn how the SWIFT Customer Security Control Framework (CSCF) evolves in 2021.
- Obtain an overview of the promoted controls and main changes that come into effect with CSCF v2021.
- Learn more on the revised schedule for the enforcement of the Independent Assessment Framework (IAF). Discover ways on how to contain the costs incurred with an independent assessment and (ii) conduct remote assessments and conducting an independent internal or external assessment in your organisation.
- Discover more on the MISP migration and timelines planned for Q2 2021.
- Engage and ask questions interactively with SWIFT during the session. CSP subject matter experts will be available to answer your questions around the practical aspects of maintaining the CSP.