Swift CSP 2024: Overview of the updates for this year

Considering the sophisticated cyber-attacks on Swift users, Swift CSP 2024 (Customer Security Programme) was developed to aid financial institutions with updated and effective defenses. This program maintains appropriate cyber security hygiene of the wider financial network and reduces the financial impact of fraudulent transactions.

Under this program, users must submit an attestation application against the advisory and mandatory security protocols outlined in the CSCF (Customer Security Controls Framework). These protocols may undergo annual updates to promote transparency and encourage a collective effort among peers. So, let’s explore the controls that we must adhere to in order to secure ourselves from cyber attackers.

What are the mandatory and advisory controls of Swift CSP 2024?

The primary purpose of mandatory security controls is to establish a fundamental level of security across the financial community, mitigating the risk of cyber-attacks. All Swift users are required to follow the rules outlined in the Customer Security Controls Framework (CSCF). These mandatory controls set pragmatic objectives for achieving immediate and measurable security improvements, contributing to risk reduction.
Advisory controls, by contrast, are best-practice recommendations that apply to all users. These controls may change over time due to the evolving threat landscape, new technologies, security-related regulations in significant jurisdictions, advancements in cybersecurity practices, or user feedback. Consequently, some advisory controls may transition into mandatory status while new controls may be introduced.
All controls are structured to align with three overarching objectives:
  • Secure your Environment

  • Know and Limit Access

  • Detect and Respond

Objectives and Principles

This year, Swift CSP 2024 contains 32 security controls, of which 25 are mandatory and 7 are advisory. Given the dynamic nature of the cyber-threat landscape, these controls play an indispensable role in addressing and mitigating the cyber-security risks inherent in the Swift user environment. After all, the goal is to effectively tackle these identified risks.

Overview of CSCF changes with Swift CSP 2024

The Swift Customer Security Controls Framework incrementally builds on last year’s version to maintain the system’s integrity and continuously assist all Swift users.
Control 2.8 (Outsourced Critical Activity Protection) has been made mandatory and received minor clarifications to support the endorsement of outsourcing and cloudification within Swift. Moreover, to support the transition of Control 2.4 A (Back Office Data Flow Security) to a mandatory control, several modifications/amendments have been implemented to identify accurately:
Moving forward, some minor adjustments have been made to controls, enhancing the application’s risk appetite and understanding of the framework, such as.
The persistence of cyber-attacks underscores the importance of exercising prudence and maintaining diligence to establish a barrier against cybercrime. As the cyber threat landscape evolves, so does the CSP. The controls mentioned above have been updated through continuous cyber-threat analysis, aligning them with existing information security industry standards. Users are responsible for securing their environments and their access to Swift services to uphold a secure economy.

Bottom line

ECS Fin leverages over a decade of expertise in delivering comprehensive compliance services tailored for banking and financial clients. We possess a profound understanding of the intricate cybersecurity challenges prevalent in this domain. Our commitment extends to supporting you through every phase, ensuring a seamless and successful attestation for SWIFT's Customer Security Programme (CSP).