Swift Customer Security Programme Assessor Certification(CSPAC) CSP-Assessor Question # 18 Topic 2 Discussion

CSP-Assessor Exam Topic 2 Question 18 Discussion:

Question #: 18

Topic #: 2

Select the environment that is not in scope in a SWIFT user CSP assessment (assuming the environments are separated).
•Swift Customer Security Controls Policy
•Swift Customer Security Controls Framework v2025
•Independent Assessment Framework
•Independent Assessment Process for Assessors Guidelines
•Independent Assessment Framework - High-Level Test Plan Guidelines
•Outsourcing Agents - Security Requirements Baseline v2025
•CSP Architecture Type - Decision tree
•CSP_controls_matrix_and_high_test_plan_2025
•Assessment template for Mandatory controls
•Assessment template for Advisory controls
•CSCF Assessment Completion Letter
•Swift_CSP_Assessment_Report_Template

SWIFT infrastructure (sometimes known as Live)

Development

Disaster Recovery

Cold backup systems

Get Premium CSP-Assessor Questions

Explanation

The CSCF defines the scope of environments for a SWIFT user CSP assessment, focusing on environments that handle live SWIFT transactions or are critical to operational continuity. The "Swift Customer Security Controls Framework v2025" and "Independent Assessment Framework" provide guidance on scope. Let’s evaluate each option, assuming the environments are separated:

•Option A: SWIFT infrastructure (sometimes known as Live)

This is in scope. The live environment, where actual SWIFT transactions are processed (e.g., Alliance Access sending MT103 messages), is the primary focus of the CSCF. Controls like "1.1 SWIFTEnvironment Protection" and "2.1 Internal Data Transmission Security" apply directly to this environment.

•Option B: Development

This is not in scope. Development environments, used for building or testing applications before deployment, are typically out of scope if they are fully separated from live systems and do not process real SWIFT data. The "Independent Assessment Framework" excludes development environments unless they are integrated with live systems, which the question assumes is not the case.

•Option C: Disaster Recovery

This is in scope. Disaster Recovery (DR) environments are designed to take over in case of a failure in the live environment. Since they can process live SWIFT transactions during a failover, they must comply with CSCF controls (e.g., Control "1.1") to ensure continuity and security.

•Option D: Cold backup systems

This is in scope. Cold backup systems, while not actively processing transactions, are part of the SWIFT infrastructure’s resilience strategy. They must be secured to prevent compromise (e.g., CSCF Control "1.2 Physical Security") and are included in the assessment scope per the "Assessment template for Mandatory controls."

Summary of Correct Answer:

The Development environment (B) is not in scope for a SWIFT user CSP assessment if separated from live systems.

References to SWIFT Customer Security Programme Documents:

•Swift Customer Security Controls Framework v2025: Excludes development environments from scope if separated.

•Independent Assessment Framework: Focuses on live, DR, and backup environments.

•Assessment template for Mandatory controls: Includes DR and backup systems in scope.

========

Actual exam question for Swift CSP-Assessor exam by Kai29491 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Swift Customer Security Programme Assessor Certification(CSPAC) CSP-Assessor Question # 18 Topic 2 Discussion

Swift Customer Security Programme Assessor Certification(CSPAC) CSP-Assessor Question # 18 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval