SWIFT, the Society for Worldwide Interbank Financial Telecommunications, is a messaging network that financial institutions use to securely transmit information and instructions through a standardized system of codes.1
According to SWIFT:
The SWIFT Customer Security Controls Framework describes a set of mandatory and advisory security controls for SWIFT customers.
Mandatory security controls establish a security baseline for the entire community, and must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gain and risk reduction.
Advisory controls are based on good practice that SWIFT recommends users to implement. Over time, mandatory controls may change due to the evolving threat landscape, and some advisory controls may become mandatory.
All controls are articulated around three overarching objectives:
The controls have been developed based on SWIFT's analysis of cyber threat intelligence and in conjunction with industry experts and user feedback. The control definitions are also intended to be in line with existing information security industry standards.2