What is Swift CSP 2023?
Swift (Society for Worldwide Interbank Financial Telecommunication) is a network that allows financial institutions to communicate and receive information on financial transactions in a safe and dependable environment. The Swift Customer Security Programme (CSP) focuses on identifying and preventing suspicious activity via a collection of mandated security controls, initiatives, and product features.
Swift implemented many updates to the Customer Security Programme (CSP) and Customer Security Controls Framework (CSCF) in 2023. The modifications to the Swift CSP service are an ongoing effort to guard the banking community against security threats and fraudulent financial operations.
In other words, the Swift CSP is a cybersecurity barricade around the banking sector in response to multiple cyber heists.
Due to the importance and breadth of the Swift infrastructure, it has long been a target for criminals in the financial industry. As a result of technological improvements, attackers can now exploit even the most basic flaws in organizational systems. Swift CSP 2023 is intended to keep the financial sector secure and resilient by improving the security standards every year. Any Swift member using any Swift service must comply with these standards to maintain the security of the entire network.
Customer Security Controls Framework (CSCF): A Brief History
The Customer Security Controls Framework (CSCF) is a constantly evolving set of standards and controls detailing the security benchmarks organizations must reach in order to maintain compliance. Over the years, the number of mandatory security controls in the CSCF has increased notably: between 2017 and 2021, it rose from 27 to 31. Organizations are allotted 18 months to understand and implement any modifications to the CSCF.
The most recent version of the CSCF was introduced in 2022, and organizations are expected to comply with the new standards by the end of 2023. The CSCF change management team has recommended a ‘Phased Approach’ for adopting the most recent improvements to the framework.
Because the CSCF is continuously updated, an increasing number of advisory controls will soon become mandatory, and companies will need to be prepared to test and apply these controls. If your organization adopts the security controls before they become mandatory, it can maintain the highest levels of compliance, conformity, and security in the industry.
Updates for 2023: Swift CSCF
The most recent version of the CSCF was released on October 21st, 2022. Swift users must submit their CSP attestation before December 31st, 2023 against the security controls listed in the 2023 version of the CSCF.
The following items detail the major updates included in the CSCF for 2023:
- Control 1.5A was promoted to a mandatory control
- No new advisory controls were introduced
- Many clarifications were provided related to the new PED-less HSM, application containerisation, usage of ancillary services, access to the central RMA portal, MFA solutions and more
As specified in the list above, advisory control 1.5A was promoted to mandatory. The control became mandatory to realign architecture A4 with A3 and to protect all connectors which, before the architecture was split, were scoped under control 1.1 (Swift Environment Protection).
The control objective is to protect the customer’s connectivity infrastructure from the external environment and from potentially compromised elements of the general IT environment.
The control requires segmentation between the customer’s Swift connectivity infrastructure and the rest of the enterprise network. Effective segmentation includes, but is not limited to, network-level separation, access restriction, and connectivity restrictions.
Ensuring compliance with these changes requires high-level Swift expertise and cyber-security knowledge. As a long-standing Swift Service Bureau with certified in-house Swift experts, Axletree can help your organization stay up to date with the CSCF and complete the Swift CSP attestation. Our assessment models can be tailored, starting with a fundamental evaluation of your Swift CSP certification and controls and extending all the way to assistance with remedial efforts if required.
With our in-house technology, cyber-security team, and Swift experts, we can guide your organization through the CSP process to safeguard your security, revenues, and reputation.
Reach out today to speak with one of our Swift CSP specialists.
May 2, 2023