SWIFT Attestation Service

SWIFT Customer Security Programme

Controls in CSCF v2021

SWIFT Customer Security Controls Framework (CSCF) is comprised of mandatory and advisory security controls applicable to all users of SWIFT.

The 31 security controls within the framework, 21 of which are mandatory, support 8 security principles and 3 overarching objectives. These security controls protect SWIFT customers against cyberattacks within their local environment, preventing or reducing certain risk factors from affecting business confidentiality, integrity and availability.

The mandatory security controls create a security baseline for the entire SWIFT community and help users set realistic and tangible goals for reducing the level of risk in their local environment. The advisory controls are based upon SWIFT preferred procedure, which all users are encouraged to follow. Controls can change over time as the threat landscape evolves. As a result of this, advisory controls may become mandatory in the future.

To discern which components are in scope, each user must establish which of the five reference architecture types most closely resembles their own. Certain security controls may or may not apply, depending on the architecture type.

Not sure which architecture type you are, we can help – simply select, “I Don’t Know”, on the contact form.

Request A Call

  • Simply fill in your details below and one of our team will give you a call to discuss your requirements.

What if I do not comply

Failure to submit a valid attestation is visible to all counterparties and SWIFT can report a user’s non-compliance to local supervisory bodies. SWIFT can also exercise other rights and remedies available to it such as, but not limited to, the suspension or termination of the affected SWIFT services and products.

How Bluewater Compliance can help

Here at Bluewater, we specialise in financial compliance and are regulated by the FCA. Launched in 2016 following successful careers at world-leading financial institutions, we have the necessary skills and experience needed to help customers understand the importance of cyber-risk management and security.