If you are a financial institution, you are most likely aware of SWIFT Customer Security Controls Framework (CSCF). SWIFT’s services are used and trusted by over 11,000 financial institutions across over 200 countries. The CSCF standards were established to foster awareness and good practices around security for the entire SWIFT community. The clock is ticking for many SWIFT customers with enforcement and inspection of these standards starting on January 1, 2018.
As the SWIFT CSCF compliance deadline approaches, here's what you should know:
SWIFT CSCF requires organizations to implement granular controls for access and set and enforce clear roles and responsibilities for administrators. Organizations still using legacy tools (for example VPN and RDP) do not inherently provide the level of control specified in the regulations.
Least privilege principles are featured in Objective 3 - Know and Limit Access. All tools need to evaluate who is using them, and if they are securely implemented- i.e. not being used for external third-party vendors.
SWIFT is requiring users to self-attest against SWIFT’s mandatory controls. SWIFT users must be proactive in meeting compliance and must be able to provide the reports and audit logs needed to prove that your organization is meeting regulations. There are both a mandatory and advisory set of regulations. The mandatory set have been prioritized for the January 1st deadline to set a realistic near-term goal.
SWIFT has communicated that all SWIFT users will have access to each other’s compliance reports, “allowing organizations to assess the risk of counterparts with whom they are doing business.” If your organization is not able to meet SWIFT standards, it could hinder business opportunity. It is not too late to adopt technology that can turn this around.
BeyondTrust Privileged Access Management (PAM) solutions enable organizations to address SWIFT CSCF security and compliance requirements while contributing to a true defense-in-depth strategy. Enforce least privilege with granular permission settings and group and session policies, meet password requirements with an enterprise level password vault, and provide robust attestation reports with ease by leveraging BeyondTrust’s automatic recording and logging capabilities.
With a cost-effective licensing model and a secure, robust, architecture capable of supporting up to tens of thousands of critical systems, BeyondTrust is the ideal choice for large, geographically dispersed environments. BeyondTrust can help you meet 16 of the mandatory and advisory SWIFT CSCF requirements. Download our SWIFT guide to learn more about SWIFT and the 16 mandatory and advisory CSCF requirements that BeyondTrust can help your organization meet.
Karl Lankford, Director, Solutions Engineering
Karl Lankford is the Director, Solutions Engineering, for BeyondTrust and has worked at BeyondTrust for 4 years. He has acquired a wide-range of security experience and knowledge working with companies during the last 10 years across multiple industries and is a regular speaker at industry conferences.
