Setting the context
SWIFT (Society for Worldwide Interbank Financial Telecommunications) is a vast messaging network used by banks and other financial institutions to quickly, accurately, and securely send and receive information, such as money transfer instructions.
In Vietnam, we have had a vast amount of opportunity in conducting SWIFT system security gap assessment projects for Vietnamese banks. Through this article, we would like to provide you a short introduction about the Customer Security Controls Framework for the SWIFT system, as well as sharing best practices that the client should consider while implementing and securing the SWIFT system according to SWIFT requirements.
Introduction to SWIFT’s Information Security Risk and Controls
The SWIFT Customer Security Controls Framework describes a set of mandatory and advisory security controls for SWIFT users. Mandatory security controls establish a security baseline for the entire community and must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gain and risk reduction.
Advisory controls are based on good practice that SWIFT recommends users to implement. Over time, mandatory controls may change due to the evolving threat landscape, and some advisory controls may become mandatory.
For more information on SWIFT Security Assessment, please access the EN and VN documents below.