CSCF Assessment Template For Advisory Controls v2024 v1.0

Read me first Tab (Template Version: 2019)

CSCF Assessment template instructions - Advisory controls - Version 2024


PURPOSE
This template is provided for convenience; SWIFT recommends that independent assessors involved in assessing the implementation of the Customer Security Controls Framework (CSCF) controls for a SWIFT user use it to document the assessment results. This workbook provides guidelines that apply only to the CSCF v2024 advisory controls; a separate file is available for assessing the CSCF mandatory controls.
INSTRUCTIONS
1 Important note: User data contained within this assessment workbook is considered sensitive and must not be disclosed to any party without express written consent from the SWIFT user.

2 Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives). As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture. The control statement is a suggested means to fulfil the control objective and the implementation guidelines are common methods for implementing the control. Even if guidelines can be a good way to start an assessment, the implementation guidance section of each control in the CSCF should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

3 SWIFT highly recommends that users also include the CSCF advisory controls in the independent assessment; some of the advisory controls may be turned mandatory in the next version of the CSCF.

4 Begin the assessment process by thoroughly reviewing the Customer Security Controls Framework (CSCF), the assessment templates, and all other SWIFT-provided assessment guidance. Access the documentation through your swift.com user account (your company being registered with SWIFT), or have it provided by the SWIFT user if your company is not registered and you do not have a swift.com user account. Access the Attestation Support page.

5 Reference the “User Data” tab and populate all applicable cells with the information requested. Note that all individual assessors involved in executing the end-to-end assessment process should be included in the “Assessor Name(s)” field. Additionally, names provided in the “Assessor Name(s)” field should be accompanied by the applicable professional certification(s) held by each individual assessor.

6 Depending on the architecture type of the community member in question, complete the following coloured tabs that represent the control data contained within the CSCF.
• Architecture A1 and A2: BLUE + GREEN + YELLOW tabs
• Architecture A3: BLUE + GREEN tabs
• Architecture A4: BLUE + GREEN tabs
• Architecture B: BLUE tabs

7 For each applicable tab defined above, review the control objective, in-scope components, risk drivers, control statement, and control context. Assessors should reference the full text of the CSCF document for a full listing of all control-level and guideline-level details. This guidance applies to the internal or external assessors assessing the existing/implemented controls and their suitability/effectiveness.

8 The assessment templates directly correlate to the CSCF and highlight which CSCF controls are applicable to the user’s architecture type. For each applicable control, the relevant template sets out the control objective, any underpinning key principle(s) and SWIFT’s guidance with respect to their implementation. By use of the template, the assessor can then confirm whether those that are applicable to the user are complied with, either via SWIFT’s implementation guidance or, for typically large or complex institutions, via an alternative implementation method. (Specifically, for CSCF control 1.1, the key principle 1.1.C2 may not be applicable.) Finally, some CSCF controls, although relevant for the user’s SWIFT architecture type, may in rare cases not be applicable depending upon the user’s specific local infrastructure. In such cases, they should be assessed as 'Not Applicable'. An example of this would be Control 6.2 (Anti-Virus) which, whilst likely to be applicable in most environments, is not likely to be applicable in a Linux environment. Please refer to the KYC-SA baseline for the identification of such controls.

9 For each Implementation Guideline in the "Assessment Results" section, indicate whether or not the user has fulfilled the guideline statement using the appropriate drop-down list(s) available at the right side of the worksheet. Note that the only available responses are “yes”, “no”, and “N/A”. Responses marked “N/A” are not detrimental to the overall disposition of any control.

10 Support the above-mentioned finding by populating the corresponding cell(s) marked "<Observations & response justification - address all subordinate implementation details as documented in the CSCF>" for each guideline. As noted, assessors should address all subordinate details documented for each Implementation Guideline as provided in the CSCF.

11 For each guideline in the "Assessment Results" section, indicate whether or not the user has used an alternative implementation means to fulfil the control requirement(s) of said guideline. Use the appropriate drop-down list(s) available at the right side of the worksheet. Note that the use of alternative implementation means is not detrimental to the overall conclusion of the control.

12 For any control where alternative implementation means were used to fulfil the control requirement(s), provide a full explanation of the alternative means utilised in the corresponding cells marked "<Alternative guideline implementation approach and details>". Note that the worksheet will grey out these cells for any guidelines that have been addressed using the standard implementation method. Responses provided should be comprehensive and detail how all applicable risks are addressed by the user's custom implementation.

13 When the above steps have been completed, the worksheet will automatically mark the control as either "In Place" or "Not in Place" depending on the input provided by the assessor in the "Assessment Results" section. Do not attempt to manually alter any fields that are automatically populated (non-modifiable cells are password protected).

14 The workbook will automatically display a summary of the dispositions of all controls in the "Summary" tab.

15 When the assessment is complete, assessors should print the completion letter provided in the "Completion Letter" WORD document posted in the same ZIP file as this Excel sheet, as described in the Independent Assessment Framework (chapter "7.1 Assessment Report and Completion Letter"). Then manually sign the letter and provide it to the user for whom the assessment was performed.

16 When the assessment is complete, assessors must provide the Swift user with an assessment report as described in the Independent Assessment Framework (chapter "7.1 Assessment Report and Completion Letter"). A CSP assessment report template is available on the Swift Knowledge Center.

17 Note: in case of reliance on the conclusions of the previous assessment cycle, control conclusions that rely on the previous assessment should be marked as such in the <Observations & response justification> boxes of those controls (as described in the Independent Assessment Framework, chapter "3.4 Reliance on the Previous Assessment’s Conclusions").

The information herein is confidential and will not be disclosed to third parties without written permission. Template Copyright © S.W.I.F.T. SCRL, 2019
REVISION RECORD

Date        Change
31-Jan-20   Removed the Completion Letter tab to make it a standalone Word document
31-Jan-20   Inserted a clause on each control, before the Implementation Guidelines, to stress the risk-based approach to be used by assessors
31-Jan-20   Inserted a revision record sheet
17-Jul-20   Alignment with CSCF v2021
30-Nov-20   Inserted A4, changed the text for the completion letter, reviewed colour coding
12-Oct-21   Updated for v2022
1-Aug-22    Updated for v2023
7-Aug-23    Updated for v2024
User Data Tab (Template Version: 2019)

USER BACKGROUND DATA SHEET


Customer Name <customer>
BIC <BIC>
Architecture Type <type>
Assessment Start Date <start date>
Assessment End Date <end date>
CSCF Version 2024
Assessor Firm <firm>

Summary Tab (Template Version: 2019)

ADVISORY CONTROLS SUMMARY

Control                Title                                         Architecture Applicability   Implementation Means   Control Disposition
                                                                     A1   A2   A3   A4   B
1.2 (Advisory for B)   Operating System Privileged Account Control   X    X    X    X    A          TBD                    TBD
2.4A                   Back-Office Data Flow Security                X    X    X    X    X          TBD                    TBD
2.5A                   External Transmission Data Protection         X    X    X    X    -          TBD                    TBD
2.7 (Advisory for B)   Vulnerability Scanning                        X    X    X    X    A          TBD                    TBD
2.11A                  RMA Business Controls                         X    X    X    X    X          TBD                    TBD
5.3A                   Personnel Vetting Process                     X    X    X    X    X          TBD                    TBD
6.2 (Advisory for A4)  Software Integrity                            X    X    X    A    -          TBD                    TBD
6.3 (Advisory for A4)  Database Integrity                            X    X    -    A    -          TBD                    TBD
6.5A                   Intrusion Detection                           X    X    X    X    -          TBD                    TBD
7.3A                   Penetration Testing                           X    X    X    X    X          TBD                    TBD
7.4A                   Scenario Risk Assessment                      X    X    X    X    X          TBD                    TBD

X = control applies to that architecture type; A = control is advisory for that architecture type; - = not applicable. The Implementation Means and Control Disposition columns are populated automatically from the control tabs and read TBD until the assessment results are entered.

1.2 (Advisory for B) OPERATING SYSTEM PRIVILEGED ACCOUNT CONTROL

CONTROL INFORMATION
CONTROL OBJECTIVE
Restrict and control the allocation and usage of administrator-level operating system accounts.

IN-SCOPE COMPONENTS
Administrator-level accounts defined on the following components:
• Systems or virtual machines (VMs) hosting a Swift-related component (including interface, GUI, Swift or customer connector, jump server)
• Dedicated operator PCs
• Network devices protecting the secure zone
• On-premises or remote (that is hosted and/or operated by a third party) virtualisation or cloud platform that hosts Swift-related VMs
• New HSM
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors) used for and guardian of the secure data exchange between back-office and Swift-related components]
• [Advisory: General-purpose operator PC]

RISK DRIVERS
• Deletion of logs and forensic evidence
• Excess privilege or access
• Lack of traceability
• Unauthorised system changes
• HSM management misused

CONTROL STATEMENT
Access to administrator-level operating system accounts is restricted to the maximum extent possible. Usage is controlled, monitored, and only permitted for relevant activities such as software installation and configuration, maintenance, and emergency activities. At all other times, an account with least privilege access is used.

CONTROL CONTEXT
Tightly protecting administrator-level accounts within the operating system reduces the opportunity for an attacker to use the privileges of the account as part of an attack (for example, executing commands, deleting evidence).

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives). As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture. The control statement is a suggested means to fulfil the control objective and the implementation guidelines are common methods for implementing the control. Even if guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user adequately restricted and controlled the allocation and usage of administrator-level operating system accounts?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.4A BACK-OFFICE DATA FLOW SECURITY

CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure the confidentiality, integrity, and mutual authenticity of data flowing between on-premises or remote Swift infrastructure components and the back-office first hop they connect to.

IN-SCOPE COMPONENTS
• Business transaction data exchanged between the on-premises or remote (that is hosted or operated by a third party, or both) Swift-related components (interfaces, GUI, connectors) and the back-office first hops they are connected to, either directly or through one or several bridging servers (such as middleware or file transfer servers).
Appendix H must be consulted to apprehend and visualise the various elements and options.
Such exchanges can be protected:
− end-to-end between Swift-related components in the secure zone and a back-office first hop, through:
  a) a secure mechanism ensuring authentication, integrity and confidentiality at the data (or application) level, OR
  b) when there is direct (point to point) connectivity between the Swift-related component in the secure zone and the back-office first hop, a secure protocol or mechanism ensuring the authentication, integrity and confidentiality of the connection.
− or transitively (at each leg or segment in the flow), when one or several servers bridge the secure zone with a back-office first hop and there is no end-to-end protection of the data, through the implementation of:
  1) a secure protocol or mechanism for the direct (point to point) exchange between the Swift-related component(s) in the secure zone and the bridging server, that ensures authentication, integrity and confidentiality of the data exchanged, AND
  2) the CSCF controls on the bridging server(s) that is/are guardian of the data exchange security, AND
  3) when relevant, a secure protocol or mechanism for the exchange between the bridging servers themselves that ensures authentication, integrity and confidentiality of the data exchanged, AND
  4) a secure protocol or mechanism for the direct (point to point) exchange between the back-office first hop and the bridging server that ensures authentication, integrity and confidentiality of the data exchanged.

Note: Swift expects this control to be turned Mandatory gradually in two phases as described below. Therefore, we strongly recommend that users already identify the relevant flows and assess their data exchange security (that is, end-to-end or transitive segments as per the above) for proper prioritisation and planning of potential next steps.
[Advisory Phase 1 – in a future CSCF version: Protect the new point to point flows and the bridging servers that are guardian of the data exchange
- Protect end-to-end the new direct flows (point to point connections) created between a back-office first hop and components in the secure zone (security by design as from day one)
- Protect the flows that are not end-to-end protected and which rely on bridging servers for their security, through the implementation of:
  1) a secure protocol or mechanism for the direct (point to point) exchange between the secure zone and the bridging server, that ensures authentication, integrity and confidentiality of the data exchanged, AND
  2) the CSCF controls on the bridging server(s) that is/are guardian of the data exchange security, AND
  3) when relevant, a secure protocol or mechanism for the exchange between the bridging servers themselves that ensures authentication, integrity and confidentiality of the data exchanged]
[Advisory Phase 2 – in a subsequent CSCF version: Protect the legacy flows
- Protect end-to-end the legacy direct flows (point to point connections) between back-office first hops and the Swift-related components in the secure zone
- Protect the legacy flows that are not end-to-end protected and which rely on bridging servers for their security, through the implementation of:
  4) a secure protocol or mechanism for the direct (point to point) exchange between the back-office first hops and the bridging server, that ensures authentication, integrity and confidentiality of the data exchanged]

• New HSM (direct flows from back-office hops should be avoided; flows to New HSM should only be permitted from the SNL or the customer connector using application profiles).

RISK DRIVERS
• Loss of sensitive data confidentiality
• Loss of sensitive data integrity
• Unauthenticated system traffic
• Unauthorised access

CONTROL STATEMENT
Confidentiality, integrity, and authentication mechanisms (at system, transport, message or data level) are implemented to protect data flows between Swift infrastructure components and the back-office first hops they connect to.

CONTROL CONTEXT
Protection of data flows/connections between the back-office first hops, as seen from the Swift or customer secure zone, and the Swift infrastructure safeguards against man-in-the-middle, unintended disclosure, modification, and data access while in transit.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Assessors should use a risk-based approach to assess the user’s compliance with the CSP control, i.e. assess the security goal regardless of the implementation method used (be it the suggested guidelines or alternatives). As such, to comply with a CSP security control, users must implement a solution that: (i) meets the stated control objective, (ii) addresses the risks and (iii) covers the documented in-scope components relevant for the user’s architecture. The control statement is a suggested means to fulfil the control objective and the implementation guidelines are common methods for implementing the control. Even if guidelines can be a good way to start an assessment, the implementation guidance section should never be considered an "audit checklist", as each user’s implementation may vary. Therefore, where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline
Has the user adequately ensured the confidentiality, integrity, and mutual authenticity of data flows between Swift infrastructure components and the back-office first hop they connect to?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>
Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
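As an added example (not Swift's code and not part of the template), the end-to-end versus transitive decision rule of the 2.4A in-scope description, encoded so an assessor can record which criterion each flow satisfies or misses; the host names and flow list are constructed for illustration.

```python
"""Assessor helper for CSCF control 2.4A: decide whether a back-office flow is
protected end-to-end (options a/b) or transitively (criteria 1-4).
Added example, not Swift's code. All flow data below is constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Segment:
    """One point-to-point leg of the flow, from src to dst."""
    src: str
    dst: str
    # True when the connection itself provides authentication, integrity and
    # confidentiality (for example mutually authenticated TLS); False otherwise.
    secure_protocol: bool


@dataclass
class Flow:
    """Ordered legs from a secure-zone Swift component to the back-office first hop."""
    name: str
    segments: List[Segment]
    # Option (a): a data/application-level mechanism protects the payload
    # end-to-end regardless of how many servers relay it.
    data_level_protected: bool = False
    # Criterion (2): bridging servers on which the CSCF controls are applied.
    cscf_covered_bridges: Set[str] = field(default_factory=set)


def bridging_servers(flow: Flow) -> List[str]:
    """Intermediate hosts between the secure zone and the back-office first hop."""
    return [seg.dst for seg in flow.segments[:-1]]


def assess_flow(flow: Flow) -> Tuple[bool, str, List[str]]:
    """Return (protected, basis, gaps); 'gaps' names every unmet criterion."""
    if not flow.segments:
        return False, "no segments described", ["flow has no legs to assess"]
    if flow.data_level_protected:
        return True, "end-to-end (a): data/application-level protection", []

    bridges = bridging_servers(flow)
    if not bridges:
        # Direct point-to-point connectivity: option (b) applies.
        seg = flow.segments[0]
        if seg.secure_protocol:
            return True, "end-to-end (b): secure point-to-point connection", []
        return False, "end-to-end (b)", [
            f"(b) direct leg {seg.src}->{seg.dst} has no secure protocol"]

    # Transitive protection: every leg secure (1, 3, 4) AND every bridging
    # server covered by the CSCF controls (2).
    gaps: List[str] = []
    last = len(flow.segments) - 1
    for i, seg in enumerate(flow.segments):
        criterion = "1" if i == 0 else ("4" if i == last else "3")
        if not seg.secure_protocol:
            gaps.append(f"({criterion}) leg {seg.src}->{seg.dst} has no secure protocol")
    for host in bridges:
        if host not in flow.cscf_covered_bridges:
            gaps.append(f"(2) bridging server {host} is not under CSCF controls")
    return not gaps, "transitive (1-4): per-leg protection + CSCF-covered bridges", gaps


def assess_all(flows: List[Flow]) -> Dict[str, bool]:
    """Flow name -> protected, the shape an assessor would transcribe into the template."""
    return {f.name: assess_flow(f)[0] for f in flows}


# Constructed sample flows; host names are illustrative, not from any real site.
SAMPLE_FLOWS = [
    Flow("mq-relay-ok",
         [Segment("saa-01", "mq-bridge-01", True),
          Segment("mq-bridge-01", "payments-app", True)],
         cscf_covered_bridges={"mq-bridge-01"}),
    Flow("mq-relay-bridge-uncovered",
         [Segment("saa-01", "mq-bridge-02", True),
          Segment("mq-bridge-02", "payments-app", True)]),
    Flow("file-relay-plaintext-last-leg",
         [Segment("saa-01", "ftp-bridge-01", True),
          Segment("ftp-bridge-01", "ledger-app", False)],
         cscf_covered_bridges={"ftp-bridge-01"}),
    Flow("direct-mtls", [Segment("gui-01", "treasury-app", True)]),
    Flow("direct-plain-data-level",
         [Segment("connector-01", "core-banking", False)],
         data_level_protected=True),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        ok, basis, gaps = assess_flow(flow)
        print(f"{flow.name}: {'In Place' if ok else 'Not in Place'} [{basis}]")
        for gap in gaps:
            print(f"  - {gap}")
```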
2.5A
CONTROL INFORMAT
CONTROL OBJECTI
Protect the confidentiality of Swift-related sensitive data transmitted or stored ou

IN-SCOPE COMPONENTS
• Swift-related secure zone sensitive data (such as back-ups, business transaction details and credentials)

CONTROL STATEME
Sensitive Swift-related data that leaves the secure zone as a result of operating system/application back-ups for recovery purp
when stored outside of a secure zone and is encrypted while

CONTROL CONTEX
While 2.4A covers the back-office application flows with the Swift-related components, this control covers the underlying Sw
operational activities (such as back-ups or manual/aut
Operating system or applications back-ups and the replication of business transaction data can provide useful information to p
for example, using the SAN/NAS technology) must therefore be secured to prevent unauthorised ac
Back-up encryption, encryption of data at rest, or appropriate authorisation and
Offline processing covers, for example, processing performed for support activit

ASSESSMENT RESU
Implementation Guideline-Lev

Assessors should use a risk based approach to assess the user’s compliance with the CSP control; i.e
suggested guidelines or alte
As such, to comply with a CSP security control, users must implement a solution that: (i)Meets the state
components relevant for the user
The control statement is a suggested mean to fulfil the control objective and the implementation guideline
way to start an assessment, the implementation guidance section should never be considered as an "aud
implementation guidelines elements are not present or partially covered, mitigations as well as particular
compliance adherence level (again, as per the suggeste

Guideline
Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>
EXTERNAL TRANSMISSION DATA PROTECTION
CONTROL INFORMATION
CONTROL OBJECTIVE
Protect the confidentiality of Swift-related sensitive data transmitted or stored outside of the secure zone as part of operational processes.

IN-SCOPE COMPONENTS
• Swift-related secure zone sensitive data (such as back-ups, business transaction details and credentials)

RISK DRIVERS
• Compromise of trusted backup data
• Loss of sensitive data confidentiality

CONTROL STATEMENT
Sensitive Swift-related data that leaves the secure zone as a result of operating system/application back-ups for recovery purposes, business transaction data replication for archiving, or extraction for offline processing is protected when stored outside of a secure zone and is encrypted while in transit to the first storage location.

CONTROL CONTEXT
While 2.4A covers the back-office application flows with the Swift-related components, this control covers the underlying Swift-related data that resides in the cloud or is exported from the secure zone and manipulated as per operational activities (such as back-ups or manual/automated data extraction/copies).
Operating system or applications back-ups and the replication of business transaction data can provide useful information to prepare fraudulent transactions. The initial transfer, handling, and storage outside of secure zones (when, for example, using the SAN/NAS technology) must therefore be secured to prevent unauthorised access. Flow or data encryption are usual means to protect such data in transit.
Back-up encryption, encryption of data at rest, or appropriate authorisation and access controls are usual means to protect stored data.
Offline processing covers, for example, processing performed for support activities, additional analysis, or business intelligence activities.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Assessors should use a risk based approach to assess the user’s compliance with the CSP control; i.e. assess the security goal, regardless of the implementation method used (be it the suggested guidelines or alternatives).
As such, to comply with a CSP security control, users must implement a solution that: (i) Meets the stated control objective, (ii) Addresses the risks and (iii) Covers the documented in-scope components relevant for the user’s architecture.
The control statement is a suggested mean to fulfil the control objective and the implementation guidelines are common methods for implementing the control. Even if guidelines can be a good way to start an assessment, the implementation guidance section should never be considered as an "audit checklist" as each user’s implementation may vary. Therefore, in the case that some implementation guidelines elements are not present or partially covered, mitigations as well as particular environment specificities have to be taken into account to properly assess the overall compliance adherence level (again, as per the suggested guidelines or as per alternatives).

Guideline: Has the user adequately protected the confidentiality of Swift-related data transmitted or stored outside of the secure zone as part of operational processes?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.7 (Advisory for B) VULNERABILITY SCANNING
CONTROL INFORMATION
CONTROL OBJECTIVE
Identify known vulnerabilities within the user's Swift environment by implementing a regular vulnerability scanning process and act upon results.

IN-SCOPE COMPONENTS
• Jump server
• Dedicated operator PC
• all systems hosting a Swift-related component (including interface, GUI, Swift and customer connectors),
• [Advisory: on-premises or remote (that is hosted and/or operated by a third party) virtualisation or cloud platform hosting Swift-related VMs and their management PCs as per optional enhancement]
• [Advisory: bridging servers (such as middleware or file transfer servers other than customer connectors used for and guardian of the data exchange between back-office and Swift-related components]
• [Advisory: general-purpose operator PCs as per the optional enhancement]

RISK DRIVERS
• Exploitation of known security vulnerabilities
• Unknown security vulnerabilities or security misconfigurations

CONTROL STATEMENT
Secure zone including dedicated operator PC systems are scanned for vulnerabilities using an up-to-date, reputable scanning tool and results are considered for appropriate resolving actions.

CONTROL CONTEXT
The detection of known vulnerabilities allows vulnerabilities to be analysed, treated, and mitigated. The mitigation of vulnerabilities reduces the number of pathways that a malicious actor can use during an attack. A vulnerability scanning process which is effective, repeatable and implemented in a timely manner, is necessary to continuously detect known vulnerabilities and to allow for further action.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline: Has the user identified known vulnerabilities within the local Swift environment by implementing a regular vulnerability scanning process and acted upon results?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
2.11A RMA BUSINESS CONTROLS
CONTROL INFORMATION
CONTROL OBJECTIVE
Restrict transaction activity to validated and approved business counterparties.

IN-SCOPE COMPONENTS
• GUI
• dedicated and general-purpose operator PCs
• messaging interface
• Swift and Customer Connector

Note: GUI, connectors and messaging interface are mentioned as potential vectors for RMA exchange and reporting. Operator PCs used to access the RMA Portal for central management are also mentioned as potential vectors.

RISK DRIVERS
• Business conducted with an unauthorised counterparty

CONTROL STATEMENT
Implement RMA controls to restrict transaction activity with effective business counterparties.

CONTROL CONTEXT
Implementing business controls that restrict Swift transactions to the fullest extent possible reduces the opportunity for both the sending and receiving of fraudulent transactions. These restrictions are best determined through an analysis of effective business relationships where RMA is a mechanism to prevent unwanted traffic on a service by controlling who can send traffic and what type of messages can be exchanged through Relationship Management Application Plus (RMA+).

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline: Has the user restricted transaction activity to validated and approved counterparties?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
5.3A STAFF SCREENING PROCESS
CONTROL INFORMATION
CONTROL OBJECTIVE
To the extent permitted and practicable, ensure the trustworthiness of staff operating the user's Swift environment by performing regular staff screening.

IN-SCOPE COMPONENTS
• All staff (such as employees, agents, consultants and contractors) with operational (maintenance or administration) access to Swift-related systems, HSMs, Swift and customer connector or middleware servers and on-premises or remote virtualisation or cloud platform hosting Swift-related VMs, Swift and customer connector VMs or middleware server VMs.

RISK DRIVERS
• Untrustworthy staff or system operators

CONTROL STATEMENT
Staff operating the user's Swift infrastructure are screened prior to initial employment in that role and periodically thereafter.

CONTROL CONTEXT
A personnel screening process, internal or external clearance, provides additional assurance that operators or administrators of the user's Swift infrastructure are trustworthy, and reduces the risk of insider threats.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline: Has the user ensured the trustworthiness of staff operating the local Swift environment by performing staff screening in line with applicable local laws and regulations?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
6.2 (Advisory for A4) SOFTWARE INTEGRITY
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure the software integrity of the Swift-related components and act upon results.

IN-SCOPE COMPONENTS
• Swift connector
• GUI to the messaging and communication interface
• messaging interface
• communication interface
• RMA
• SNL
• New HSM (only for the checking of the firmware update)
• [Advisory: Customer connector]

RISK DRIVERS
• Unauthorized system changes
• HSM management misused

CONTROL STATEMENT
A software integrity check is performed at regular intervals on messaging interface, communication interface, and other Swift-related components and results are considered for appropriate resolving actions. Origin and integrity of the software is ensured at download and at deployment time.

CONTROL CONTEXT
Software integrity checks provide a detective control against unexpected modification to operational software.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline: Has the user ensured the software integrity of the Swift-related components?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
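As an added illustration of what the software integrity control above describes (download-time verification against a vendor-published checksum, a baseline taken at deployment, and a periodic re-check whose findings feed the resolving actions), the following example was written for this page and is not SWIFT's, the CSCF's or any vendor's tool; the install tree, package and published checksum are all constructed.

```python
"""Periodic software integrity check for a deployed component's install tree.

Added illustration (not code from SWIFT or the CSCF): a SHA-256 manifest is
taken at deployment time, after the downloaded package has been verified
against the vendor-published checksum, and re-checked at regular intervals.
Every path, checksum and file below is constructed for the example.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(package: Path, published_sha256: str) -> bool:
    """Origin/integrity gate at download time: compare the package hash with
    the checksum the vendor publishes out of band (constructed in demo()).
    compare_digest keeps the comparison constant-time; a False result means
    the package must not proceed to deployment."""
    return hmac.compare_digest(sha256_file(package), published_sha256.lower())


def build_manifest(root: Path) -> dict[str, str]:
    """Baseline at deployment time: relative path -> SHA-256 of every file."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def check_integrity(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Periodic check: files whose hash changed, files that appeared, and
    files that disappeared since the baseline. Any non-empty list is a
    finding to be analysed and resolved."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo() -> dict:
    """Walk through download, deployment baseline and a later drifted check on
    a constructed install tree; returns the results so they can be asserted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # 1. Download: constructed package plus the checksum the vendor is
        #    assumed (for this example) to have published for it.
        pkg = root / "interface-pkg.bin"
        pkg.write_bytes(b"constructed package content")
        published = hashlib.sha256(b"constructed package content").hexdigest()
        download_ok = verify_download(pkg, published)
        tampered_download = verify_download(pkg, "00" * 32)  # mismatching checksum
        pkg.unlink()

        # 2. Deployment: constructed install tree, then take the baseline and
        #    serialise it (in practice stored off-host, alongside its date).
        (root / "bin").mkdir()
        (root / "bin" / "mi-server").write_bytes(b"\x7fELF constructed binary")
        (root / "conf").mkdir()
        (root / "conf" / "mi.cfg").write_text("listen=127.0.0.1\n")
        manifest_json = json.dumps(build_manifest(root), indent=2)

        # 3. Later drift: binary replaced, an unexpected file dropped in, and
        #    one expected file gone. The scheduled check should flag all three.
        (root / "bin" / "mi-server").write_bytes(b"\x7fELF something else")
        (root / "bin" / "extra.so").write_bytes(b"unexpected")
        (root / "conf" / "mi.cfg").unlink()
        findings = check_integrity(root, json.loads(manifest_json))

    return {
        "download_ok": download_ok,
        "tampered_download": tampered_download,
        "findings": findings,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```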
6.3 (Advisory for A4) DATABASE INTEGRITY
CONTROL INFORMATION
CONTROL OBJECTIVE
Ensure the integrity of the database records for the Swift messaging interface or the customer connector and act upon results.

IN-SCOPE COMPONENTS
• databases for messaging interface products, including a related hosted database
• databases for customer connector, including a related hosted database

Note: this requirement is not applicable for Architecture A1 if the infrastructure does not include a messaging interface and for Architecture A4, if there is no database linked to the customer connector.

RISK DRIVERS
• Loss of sensitive data integrity

CONTROL STATEMENT
A database integrity check is performed at regular intervals on databases that record Swift transactions and results are considered for appropriate resolving action.

CONTROL CONTEXT
Database integrity checks provide a detective control against unexpected modification to records stored within the database.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline: Has the user ensured the integrity of the database records for the Swift messaging interface?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
TBD
Recommendations
<Recommendations for security enhancements / improvements>
6.5A INTRUSION DETECTION
CONTROL INFORMATION
CONTROL OBJECTIVE
Detect and contain anomalous network activity into the on-premises or remote Swift environment.

IN-SCOPE COMPONENTS
• Network (data exchange layer reaching the Swift-related components)
• Remote (hosted and/or operated by a third party) virtualisation or cloud platform supporting the user Swift environment

RISK DRIVERS
• Undetected anomalies or suspicious activity

CONTROL STATEMENT
Intrusion detection is implemented to detect unauthorised network access and anomalous activity.

CONTROL CONTEXT
Intrusion detection systems are most commonly implemented on a network (NIDS), establishing a baseline for normal operations and sending notifications when abnormal activity on the network is detected. As an operational network becomes more complex (for example, systems communicating to many destinations, Internet access), so will the intrusion detection capability needed to perform adequate detection. Therefore, simplifying network behaviour is a helpful enabler for more straightforward and effective intrusion detection solutions.
Host intrusion detection systems (HIDS) are intended to protect the individual system they are implemented on, and in addition inspect the network packets on that system's network interfaces, similar to the way an NIDS operates.
Intrusion detection systems (NIDS or HIDS) often combine signature- and anomaly-based detection methods. Some systems have the ability to respond to any detected intrusion (for example, terminating the connection).
Endpoint and extended detection and response (EDR and XDR) are part of an emerging technology that addresses the need for continuous monitoring and response to advanced threats by detecting suspicious activities and (traces of) other problems on systems and on endpoints. This technology is more frequently combined with an endpoint protection platform (EPP) that operates at the device level, while other solutions expand their monitoring capabilities through XDR.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline: Does the user detect and prevent anomalous network activity into and within the local Swift environment?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition
Recommendations
<Recommendations for security enhancements / improvements>

cal Swift environment?


tails as documented in the CSCF>
Summary

Recommendations
USION DETECTION

s detected. As an operational
e, simplifying network behaviour

o the way an NIDS operates.


erminating the connection).
suspicious activities and (traces
toring capabilities through XDR.

method used (be it the

he documented in-scope

guidelines can be a good


ore, in the case that some
operly assess the overall
TBD
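The combination of signature- and anomaly-based detection that the Intrusion Detection control context describes, together with the point that a simplified, stable traffic profile makes baselining tractable, is shown below as an added example (Python code written for this page, not SWIFT's, the CSCF's, or any IDS vendor's code). The secure-zone and operator-zone address ranges, the host roles, the flow-log line format and every log line are constructed for the example; a real deployment would feed NetFlow/IPFIX or firewall logs from the devices protecting the secure zone into the same logic.

```python
"""Signature- plus baseline-based detection over secure-zone flow logs.
Added example, not SWIFT's or the CSCF's code. Assumed (constructed) layout:
secure zone 10.10.20.0/24 (messaging interface .10, HSM .20), operator zone
10.10.10.0/24 (operator PC .5, jump server .2); log lines are "ts src dst dport bytes".
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

SECURE_ZONE = ipaddress.ip_network("10.10.20.0/24")    # assumed
OPERATOR_ZONE = ipaddress.ip_network("10.10.10.0/24")  # assumed
ALLOWED_ZONES = (SECURE_ZONE, OPERATOR_ZONE)


@dataclass(frozen=True)
class Flow:
    ts: int
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    nbytes: int

    @property
    def key(self):
        return (str(self.src), str(self.dst), self.dport)


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow-log line: 'ts src dst dport bytes'."""
    ts, src, dst, dport, nbytes = line.split()
    return Flow(int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), int(nbytes))


# Signature rules: patterns that are never legitimate for the secure zone.
SIGNATURES = {
    # Clear-text remote administration into the secure zone.
    "telnet-to-secure-zone": lambda f: f.dport == 23 and f.dst in SECURE_ZONE,
    # Secure-zone hosts may only reach explicitly allowed zones (an allow-list, so an
    # unexpected destination such as 203.0.113.7 is caught without reputation data).
    "secure-zone-egress-outside-allowed":
        lambda f: f.src in SECURE_ZONE and not any(f.dst in z for z in ALLOWED_ZONES),
}


class BaselineDetector:
    """Learn (src, dst, dport) tuples and their peak byte volume from a baseline window,
    then flag unseen tuples and volumes far above the learned peak. A narrow, stable
    traffic profile (the simplified behaviour the control context recommends) keeps
    the baseline small and the alerts precise."""

    def __init__(self, volume_factor: float = 5.0):
        self.peak_bytes = defaultdict(int)   # key -> largest flow seen in the baseline
        self.volume_factor = volume_factor

    def train(self, flows):
        for f in flows:
            self.peak_bytes[f.key] = max(self.peak_bytes[f.key], f.nbytes)

    def check(self, f: Flow):
        if f.key not in self.peak_bytes:
            return "new-tuple"
        if f.nbytes > self.volume_factor * self.peak_bytes[f.key]:
            return "volume-spike"
        return None


def detect(baseline_lines, live_lines, responder=None):
    """Return alerts as (ts, rule, src, dst, dport) for the live window.
    responder, if given, is called on every signature hit and stands in for the active
    response (for example, terminating the connection) some IDS products offer; baseline
    anomalies are only reported, since a new tuple may be a planned change."""
    det = BaselineDetector()
    det.train(parse_flow(line) for line in baseline_lines)
    alerts = []
    for line in live_lines:
        f = parse_flow(line)
        hits = [name for name, rule in SIGNATURES.items() if rule(f)]
        anomaly = det.check(f)
        if anomaly:
            hits.append(anomaly)
        for rule in hits:
            alerts.append((f.ts, rule, str(f.src), str(f.dst), f.dport))
            if responder is not None and rule in SIGNATURES:
                responder(f)
    return alerts


# Constructed baseline: operator PC to interface (HTTPS), interface to HSM, jump server SSH.
BASELINE_LOG = [
    "1000 10.10.10.5 10.10.20.10 443 4200",
    "1001 10.10.10.5 10.10.20.10 443 3900",
    "1002 10.10.20.10 10.10.20.20 1792 1200",
    "1003 10.10.10.2 10.10.20.10 22 800",
]
# Constructed live window: one normal flow, then four that should alert.
LIVE_LOG = [
    "2000 10.10.10.5 10.10.20.10 443 4100",     # normal
    "2001 10.10.10.5 10.10.20.20 22 900",       # operator PC straight to the HSM
    "2002 10.10.10.5 10.10.20.10 23 120",       # telnet into the secure zone
    "2003 10.10.20.10 203.0.113.7 443 64000",   # interface reaching outside allowed zones
    "2004 10.10.10.5 10.10.20.10 443 250000",   # known path, ~60x the learned peak
]

if __name__ == "__main__":
    for alert in detect(BASELINE_LOG, LIVE_LOG, responder=lambda f: print("terminate", f.key)):
        print(alert)
```

Two design choices matter for an assessor reading the output. The egress rule is an allow-list of zones rather than a "is this destination bad" lookup, which is what makes the secure zone's small, fixed set of peers cheap to police; and the responder hook is wired only to signature hits, because a never-seen tuple may be a legitimate change (a new connector, a patched host) and should go to a human before anything is terminated.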
7.3A PENETRATION TESTING

CONTROL INFORMATION

CONTROL OBJECTIVE
Validate the operational security configuration and identify security gaps by performing penetration testing.

IN-SCOPE COMPONENTS
• General-purpose operator PCs or, when used, the jump server used to access the secure zone
• Dedicated operator PCs
• Data exchange layer (the entry points to the secure zone or flows established to the secure zone components should be considered)
• Swift-related components (including interfaces, GUI, HSM, Swift and customer connectors)
• Systems or virtual machines hosting Swift-related components
• Network devices protecting the secure zone
• Remote (operated by a third party) virtualisation or cloud platform hosting Swift-related VMs and their management PCs

RISK DRIVERS
• Unknown security vulnerabilities or security misconfigurations

CONTROL STATEMENT
Application, system and network penetration testing is conducted towards the secure zone and the operator PCs or, when used, the jump server.

CONTROL CONTEXT
Penetration testing is based on simulated attacks that use similar technologies to those deployed in real attacks. It is used to determine the pathways that attackers might use, and the depth to which the attackers may be able to access the targeted environment. Conducting these simulations is an effective tool for identifying weaknesses in the environment which may require correction, improvement, or additional controls.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline: Has the user validated the operational security configuration and identified security gaps by performing penetration testing?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>
7.4A SCENARIO-BASED RISK ASSESSMENT

CONTROL INFORMATION

CONTROL OBJECTIVE
Evaluate the risk and readiness of the organization based on plausible cyber attack scenarios.

IN-SCOPE COMPONENTS
• Organizational control (people, processes and infrastructure), to be met also by a third party operating a remote virtualisation or cloud platform hosting Swift-related VMs

RISK DRIVERS
• Excess harm from deficient cyber readiness
• Unidentified sensitivity to cyber exposure

CONTROL STATEMENT
Scenario-based risk assessments are conducted regularly to improve incident response preparedness and to increase the maturity of the organization's security programme.

CONTROL CONTEXT
Scenario-based risk assessments, including cyberwar games, test various attacks on existing systems and processes targeting the user's Swift-related infrastructure. Scenario-based risk assessments also include technical and business-driven exercises performed as part of an institution's risk management or Information Security Risk Management (ISRM) process.

Such an assessment considers the following non-exhaustive threats: end-user impersonation, message tampering, message eavesdropping, third-party software weaknesses, compromising systems, or Denial of Service (DoS) attacks affecting service availability. Results of the assessment and existing mitigations help to identify areas of risk that may require future actions, risk mitigations or an update of the cyber incident response plan.

Identified resulting actions, mitigations, or updates have to be reported and closed in line with their criticality as per the internal or organisation's Information Security Risk Management (ISRM) process.

Several ISRM frameworks exist and can be consulted (for example, on NIST, ENISA, COBRA or ISO sites, or from a local or regulator's standard or controls set of the same rigour as the industry guidance) to define the user's proper ISRM and resources (such as the CIS Critical Security Controls). These frameworks can be used to start implementing a basic risk management process, to be further enhanced to address the user's specific risks.

ASSESSMENT RESULTS
Implementation Guideline-Level Detail

Guideline: Has the user evaluated the risk and readiness of the organization based on plausible cyber attack scenarios?
<Observations & response justification - address all subordinate implementation details as documented in the CSCF>

Has the user employed an alternative implementation approach?
<Alternative guideline implementation approach and details>

Summary
Overall Control Disposition: TBD
Recommendations
<Recommendations for security enhancements / improvements>