Customer Security Controls Framework
Learn more about Customer Security Controls and the Independent Assessment Framework
In July 2020, SWIFT published the Customer Security Controls Framework (CSCF) v2021.
This document provides information on changes to controls, additional guidance and many clarifications to existing controls and the associated implementation guidelines. The CSCF v2021 updates were implemented in the KYC-SA application (the online repository for customer attestations) in July 2021; you are now required to attest your compliance against this CSCF v2021 between early July and 31st December 2021.
In July 2021, SWIFT published a revised IAF; this new version clarifying some key aspects of this process: e.g., certifications required for assessors and options to contain the costs associated to an assessment. We remind you that an independent assessment supporting your attestation is mandatory as of this year. The revised IAF will help supporting the proper framework rollout in the coming months.
Also in July 2021, the CSCF v2022 was published. To cover the CSCF v2022 details, dedicated webinars will be organised early 2022.
Finally, in addition to the SWIFT Information Sharing and Analysis Centre (ISAC) portal, SWIFT has been sharing Indicators of Compromise (IoC) via an automated feed in STIX format over TAXII protocol. Since February 2021, this feed was migrated to MISP and the TAXII feed on the ISAC portal was discontinued in July 2021.
Where can you find the supporting documentation?
The CSCF v2021, v2022 and the revised IAF are available on swift.com. To access those documents, you must log in to mySWIFT with your swift.com credentials through swift.com > Explore our Knowledge Centre section > Support Pages > Security attestation.
Want to find out more?
We would like to invite you to attend this information session to:
- Hear how the SWIFT Customer Security Control Framework (CSCF) evolved in 2021
- Gain an overview of the promoted controls and main changes contained in SWIFT CSCF v2021
- Learn more about the Independent Assessment Framework (IAF), and how to limit the associated costs and ways in which to conduct assessments remotely.
- Become familiar with the migration of IOCs automatic feeds to the Malware Information Sharing Platform (MISP)
- Discover more on what’s coming with CSCF v2022
- Interactively engage and present questions to the CSP SWIFT experts.