Strengthen your SWIFT-related infrastructure against cyber threats

Swift introduced a security programme named the Swift Customer Security Programme (CSP) in light of increasing cyber-attacks. The core component of CSP is the Customer Security Controls Framework (CSCF) which describes a set of mandatory and advisory security controls for Swift users.

Mandatory security controls establish a security baseline for the entire Swift community and must be implemented by all users on their local Swift infrastructure. Swift has chosen to prioritise these mandatory controls to set realistic goals for near-term, tangible security gain and risk reduction. 

Advisory controls are based on good practice that Swift recommends implementing. Over time, mandatory controls may change due to the evolving threat landscape, and some advisory controls may become mandatory.

Every organisation using Swift has to confirm effective compliance with the mandatory security controls by no later than 31 December each year. An independent assessment is a prerequisite for attestation, to enhance the integrity, consistency, and accuracy of attestations.