The SWIFT Customer Security Controls Framework (CSCF) defines the scope of components that must comply with its security controls, particularly those handling SWIFT-related data or connectivity. Let’s analyze the scenario:
•A Treasury Management System (TMS) application is a back-office system used to manage financial operations, such as payments or liquidity management. A customer connector is a custom application or integration layer that connects the user’s systems (e.g., TMS) to the SWIFT infrastructure, in this case via a Service Bureau. The hosting system is the physical or virtual machine on which both applications are installed.
•The TMS and customer connector are on the same machine, and the customer connector connects to a Service Bureau, which hosts the SWIFT communication infrastructure (e.g., Alliance Gateway).
•CSCF Scope: The "Swift Customer Security Controls Framework v2025" and "CSP Architecture Type - Decision tree" define the scope as including:
oCustomer connectors: These are in scope because they facilitate SWIFT connectivity (e.g., sending/receiving SWIFT messages), even if connecting via a Service Bureau.
oSystems hosting in-scope components: The hosting system (machine) is in scope because it runs the customer connector, which is directly involved in SWIFT data flows.
oBack-office systems (e.g., TMS): Normally, back-office systems are out of scope unless they are closely integrated with SWIFT infrastructure. In this case, the TMS is installed on the same machine as the customer connector, creating a shared environment. The CSCF considers systems in the same environment as in-scope if they could impact the security of SWIFT-related components (e.g., Control "1.1 SWIFT Environment Protection").
•Service Bureau Context: Connecting to a Service Bureau (architecture type A2) does not exempt the local components from CSCF scope. The "Independent Assessment Framework" requires assessing all local components that interact with SWIFT, even if the communication layer is outsourced.
•Option A: The TMS application, the customer connector, and the hosting system are in the scope of the CSCF
This is correct. The customer connector is explicitly in scope as it handles SWIFT data flows. The hosting system is in scope because it runs the connector. The TMS, while typically a back-office system, is in scope because it shares the same machine, creating a risk of lateral movement or privilege escalation (e.g., CSCF Control "1.1"). The "CSP_controls_matrix_and_high_test_plan_2025" includes shared environments in the assessment scope.
•Option B: Only the customer connector application is in scope of the CSCF. The TMS application is a back-office
This is incorrect. While the TMS is a back-office system, its co-location on the same machine as the customer connector brings it into scope due to shared risks, as per CSCF guidelines.
•Option C: The TMS application is the highest risk and must be secured appropriately. The customer connector should be secured on a best effort basis
This is incorrect. The CSCF does not prioritize the TMS as the "highest risk" nor suggest "best effort" security for the customer connector. Both components must be secured per mandatory controls when in scope.
•Option D: The TMS application, the customer connector, and the hosting system are in scope only if they connect directly to SWIFT, not towards a Service Bureau
This is incorrect. The CSCF scope includes components connecting via a Service Bureau, as they still handle SWIFT data and are part of the user’s architecture (e.g., A2).
Summary of Correct Answer:
The TMS application, customer connector, and hosting system are all in scope of the CSCF (A) due to their shared environment and connectivity to SWIFT via a Service Bureau.
References to SWIFT Customer Security Programme Documents:
•Swift Customer Security Controls Framework v2025: Control 1.1 includes shared environments in scope.
•CSP Architecture Type - Decision tree: Classifies A2 for Service Bureau setups with local connectors.
•Independent Assessment Framework: Requires assessing all components in shared environments.
========
Submit