Why the SWIFT CSP?
As SWIFT community members increasingly became targets of cyber criminals, SWIFT launched its Customer Security Programme (CSP) and issued the Customer Security Controls Framework (CSCF) to establish a baseline of security controls for users to defend against, detect, and recover from cybercrime.
The CSCF is based on three objectives encompassing eight principles and 31 security controls, including both mandatory and advisory (optional) security controls for SWIFT users. Since 2018, users have been required to attest to their compliance with all mandatory controls that are applicable to that user according to its architecture type and infrastructure.
As of July 2021, the SWIFT Customer Security Controls Framework (CSCF) now requires an independent assessment under the guidance provided in the SWIFT Independent Assessment Framework (IAF). As a SWIFT CSP assessment provider Schellman can assist SWIFT users with their attestation. As SWIFT security controls are mapped against NIST CSF, PCI-DSS, and ISO 27001, Schellman can add value to your assessment by helping you leverage it across a multiple audit approach.