CSP v2020?
What is new in the recently updated CSP?
What is new in the recently updated CSP? |SWIFT Customer Security Programme
While a self-attestation usually takes a light approach, an independent assessment should rely on evidence for the design,
the implementation, and the operating effectiveness of the controls.
• 2.11A – RMA business control: This control has been extracted from control 2.9A to split the transactions and RMA business controls
Two advisory controls, introduced in v2019, are being promoted to mandatory:
• 1.3 – Virtualization platform protection: The objective is to secure the virtualization platform and virtual machines hosting the SWIFT-related components to the same level as physical systems
• 2.10 – Application hardening: The objective is to reduce the attack surface of SWIFT-related components by performing interface and application hardening
Finally, one control is being extended:
• 2.4A – Back-office data flow security: The middleware components are now included in the scope
[Figure: CSP assessment. Labels: Compliance assessment, Compliance report, Compliance declaration, CSP 2019, IAF, CSP 2020]
[Figure legend: v2020; mandatory; advisory; created in version XX as advisory (A); promoted in version XX to mandatory (M)]
Physically secure the environment: 3.1 Physical security
Prevent compromise of credentials: 4.1 Password policy; 4.2 Multi-factor authentication
Detect anomalous activity to systems or transaction records: 6.1 Malware protection; 6.2 Software integrity; 6.3 Database integrity; 6.4 Logging and monitoring; 6.5A Intrusion detection
Contacts
Stéphane Hurtaud
Partner – Information & Technology Risk
+352 451 454 434
shurtaud@deloitte.lu
Maxime Verac
Director – Information & Technology Risk
+352 451 454 258
mverac@deloitte.lu