CSP-Assessor Customer Security Programme Assessor Certification(CSPAC) Question and Answers

This question addresses the obligations of a Swift user who has switched from one Service Bureau (SB) to another under the Customer Security Programme (CSP).

Step 1: Understand CSP Obligations for Changes

TheSwift Customer Security Controls Framework (CSCF) v2024andIndependent Assessment Frameworkrequire Swift users to maintain accurate and up-to-date information regarding their infrastructure,including changes in service providers like Service Bureaus. Such changes may impact compliance and architecture types.

Step 2: Evaluate Each Option

A. To inform the SB certification office at Swift WWThere is no specific "SB certification office" mentioned in theCSCF v2024orSwift CSP Guidelines. Notifications are typically handled through attestation updates, not a dedicated office.Conclusion: Incorrect.

B. To reflect that in the next attestation cycleWhile changes must be reflected in attestations, delaying this until the next cycle (e.g., annually) is insufficient if the change affects compliance. TheSwift CSP Compliance Guidelinesrequire timely updates for significant changes.Conclusion: Incorrect.

C. None if there is no impact in the architecture typeEven if the architecture type (e.g., A2, A4) remains unchanged, a switch in Service Bureau may affect security controls, vendor management, or connectivity. TheCSCF v2024underControl 1.1: Swift Environment Protectionrequires users to report changes that could impact compliance, regardless of architecture type.Conclusion: Incorrect.

D. To submit an updated attestation reflecting this change within 3 monthsTheSwift CSP Compliance GuidelinesandIndependent Assessment Frameworkmandate that significant changes (e.g., switching Service Bureaus) be reported through an updated attestation within 3 months. This ensures Swift is informed of potential compliance impacts and allows for review.Conclusion: Correct.

Step 3: Conclusion and Verification

The correct answer isD, as theCSCF v2024andSwift CSP Compliance Guidelinesrequire an updated attestation within 3 months to reflect a change in Service Bureau.

References

Swift Customer Security Controls Framework (CSCF) v2024, Control 1.1: Swift Environment Protection.

Swift Independent Assessment Framework, Section: Change Reporting.

Swift CSP Compliance Guidelines, Section: Timely Updates.

This question pertains to Local Security Officer (LSO) and Remote Security Officer (RSO) accounts on SWIFT Alliance Access, a key component of the SWIFT infrastructure. Let’s evaluate each statement:

A. They are local Security Officers

LSOs and RSOs are indeed Security Officers responsible for managing security functions on Alliance Access. LSOs operate locally, while RSOs can perform tasks remotely, but both are classified as Security Officers under SWIFT’s terminology.

This question compares the SWIFT footprint (components within the CSP scope) across different infrastructures:

Step 1: Define SWIFT Footprint

The SWIFT footprint includes all systems and components handling SWIFT messaging or connectivity, as defined in CSCF Control 1.1 – SWIFT Environment Protection.

SwiftNet Link (SNL) is the mandatory network interface software that enables connectivity to the SWIFTNet network, providing transport, security, and service management functionalities. The Swift Alliance Gateway (SAG) is a communication interface that consolidates message flows and relies on SNL to connect to SWIFTNet. According to SWIFT documentation, SAG is built on top of SNL, making SNL a prerequisite for SAG operation. This dependency is consistent across on-premises and cloud-based deployments (e.g., Alliance Connect Virtual), where SNL ensures secure communication over the SWIFT Secure IP Network (SIPN). The CSCF Control "1.1 SWIFT Environment Protection" underscores the need for secure connectivity components like SNL. There are no documented scenarios where SAG can operate without SNL, confirming the statement is true.

References to SWIFT Customer Security Programme Documents:

•SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.1 mandates secure connectivity components like SNL.

•SWIFT Alliance Gateway Documentation: SAG requires SNL for SWIFTNet connectivity.

•SWIFTNet Link Documentation: SNL is the mandatory interface for all SWIFTNet communications.

========

This question identifies the supporting documents for a CSP assessment under theSwift Customer Security Programme (CSP).

Step 1: Understand Assessment Documentation

TheIndependent Assessment FrameworkandCSCF v2024specify the documents assessors must use to evaluate compliance with CSCF controls.

Step 2: Evaluate Each Option

A. The CSP User HandbookTheSwift CSP User Handbookprovides guidance on CSP requirements, processes, and best practices, making it a key supporting document for assessors.Conclusion: Correct.

B. The mapping to industry standards articleWhile useful for context, this article is not a primary document for conducting assessments. TheCSCF v2024focuses on its own controls, not industry mappings, which are advisory.Conclusion: Incorrect.

C. The Controls Matrix and High Level Test PlanTheControls Matrix(part of the CSCF) maps controls to components, and theHigh Level Test Planoutlines assessment procedures. Both are essential for structuring and executing the assessment, per theIndependent Assessment Framework.Conclusion: Correct.

D. The Customer Security Controls FrameworkTheCSCF v2024is the foundational document defining controls and requirements, mandatory for all assessments.Conclusion: Correct.

Step 3: Conclusion and Verification

The correct answers areA, C, and D, as these documents are explicitly referenced in theCSCF v2024andIndependent Assessment Frameworkfor conducting CSP assessments.

References

Swift Customer Security Controls Framework (CSCF) v2024, Section: Assessment Guidance.

Swift Independent Assessment Framework, Section: Supporting Documents.

Swift CSP User Handbook, Section: Assessment Process.

This question examines the applicability of internet access restrictions under theSwift Customer Security Controls Framework (CSCF) v2024.

Step 1: Understand Internet Access Restrictions

Control 2.6: Internet Accessibility Restrictionof theCSCF v2024requires restricting internet access for Swift-related components to minimize exposure, applicable to both secure zones and other in-scope systems.

Step 2: Analyze the Statement

The question asks if the restriction is only relevant when Swift-related components are in a secure zone, implying a scope limitation.

Step 3: Evaluate Each Option

A. Yes, because if there is no secure zone then the internet connectivity does not need to be restrictedIncorrect.Control 2.6applies to all in-scope components, not just those in secure zones. For example, operator PCs accessing hosted applications (e.g., via A3 architecture) must have restricted internet access, per theSwift Security Best Practices.Conclusion: Incorrect.

B. No, because there can be in-scope general operator PCs used to access a Swift-related application hosted at a service providerCorrect. General operator PCs (e.g., Component B in the diagram) are in scope when accessing Swift applications (e.g., hosted by a service provider in A3 architecture).Control 2.6requires internet restriction for these systems, even outside a secure zone, as confirmed in theCSCF v2024andSwift Outsourcing Guidelines.Conclusion: Correct.

Step 4: Conclusion and Verification

The correct answer isB, asControl 2.6mandates internet access restrictions for all in-scope components, including operator PCs accessing hosted Swift applications, not just those in secure zones.

References

Swift Customer Security Controls Framework (CSCF) v2024, Control 2.6: Internet Accessibility Restriction.

Swift Security Best Practices, Section: Internet Access Controls.

Swift Outsourcing Guidelines, Section: Operator PC Security.

The "Independent Assessment Process for Assessors Guidelines" and "Independent Assessment Framework" provide guidance on using external audit reports (e.g., ISAE 3000) to support CSP assessments. ISAE 3000 is an international standard for assurance engagements. Let’s evaluate each option:

•Option A: No, that is too old, the maximum is 18 months

This is correct. The CSP specifies that external reports like ISAE 3000 must be no older than 18 months to ensure relevance, as security environments can change. The "Independent Assessment Framework" and "CSP_controls_matrix_and_high_test_plan_2025" set this time limit to validate current compliance status.

•Option B: Yes, there is no time limit for an ISAE 3000 report

This is incorrect. A time limit is enforced to ensure the report reflects the current security posture, as per CSP guidelines.

•Option C: No, an ISAE 3000 report is no valid substitute as a rule

This is incorrect. An ISAE 3000 report can be used as supporting evidence if relevant and recent, but it is not a full substitute for the independent assessment, per the "Independent Assessment Process for Assessors Guidelines."

•Option D: Yes, provided there is no change to the SWIFT user’s infrastructure

This is incorrect. Even with no changes, the 18-month limit applies to ensure the report’s currency, not just infrastructure stability.

Summary of Correct Answer:

An assessor cannot rely on an ISAE 3000 report dating back 2 years; the maximum is 18 months (A).

References to SWIFT Customer Security Programme Documents:

•Independent Assessment Process for Assessors Guidelines: Limits ISAE 3000 reports to 18 months.

•Independent Assessment Framework: Specifies timeframe for external evidence.

•CSP_controls_matrix_and_high_test_plan_2025: Enforces currency of supporting reports.

========

This question revisits the role of the Swift Alliance Gateway (SAG), similar to Question 6, but with different statements.

Step 1: Recap the Role of Alliance Gateway

The Swift Alliance Gateway (SAG) is a connectivity and security layer that facilitates interaction with the Swift network, as detailed in theSwift Alliance Gateway User Guideand referenced inControl 1.1: Swift Environment Protectionof theCSCF v2024.

Step 2: Evaluate Each Option

A. It is used to exchange messages over the Swift networkThe SAG acts as a gateway to concentrate and securely route SwiftNet traffic, enabling the exchange of messages over the Swift network. It handles connectivity, security (e.g., PKI), and message routing, as confirmed in theSwift Alliance Gateway Technical Documentation. This aligns with its role in the Swift ecosystem.Conclusion: This is correct.

B. It is used to create messages to send over the Swift networkAs noted in Question 6, the SAG does not create messages. Message creation is handled by applications like Alliance Access or Entry. The SAG’s role is to route and secure messages, not generate them, per theSwift Alliance Gateway User Guide.Conclusion: This is incorrect.

Step 3: Conclusion and Verification

The correct statement isA, as the Alliance Gateway’s primary function is to facilitate the secure exchange of messages over the Swift network, consistent with Swift CSP documentation.

References

Swift Alliance Gateway User Guide, Section: Functionality Overview.

Swift Customer Security Controls Framework (CSCF) v2024, Control 1.1: Swift Environment Protection.

Swift Alliance Gateway Technical Documentation, Section: Message Routing.

CSCF Control "4.2 Intrusion Detection" requires SWIFT users to detect unauthorized access or activities within the SWIFT environment. The "Swift Customer Security Controls Framework v2025" allows flexibility in meeting this control using various technologies. Let’s evaluate each option:

•Option A: NIDS (Network Intrusion Detection System)

This is valid. NIDS monitors network traffic to detect intrusions (e.g., on VPN boxes), aligning with Control "4.2" by identifying external threats.

•Option B: HIDS (Host Intrusion Detection System)

This is valid. HIDS monitors individual hosts (e.g., servers running Alliance Access) for suspicious activities, supporting Control "4.2" for internal threat detection.

•Option C: EDR and XDR (Endpoint Detection and Response, Extended Detection and Response)

This is valid. EDR and XDR provide advanced monitoring and response capabilities for endpoints and across environments, meeting Control "4.2" requirements for detecting and responding to intrusions.

•Option D: A combination of all of the above

This is correct. The CSCF encourages a layered security approach, and the "CSP_controls_matrix_and_high_test_plan_2025" and "Assessment template for Mandatory controls" accept a combination of NIDS, HIDS, EDR, and XDR to comprehensively meet Control "4.2," depending on the architecture and risk profile.

Summary of Correct Answer:

Intrusion Detection Control can be met through a combination of NIDS, HIDS, EDR, and XDR (D).

References to SWIFT Customer Security Programme Documents:

•Swift Customer Security Controls Framework v2025: Control 4.2 allows multiple detection technologies.

•CSP_controls_matrix_and_high_test_plan_2025: Supports combined approaches.

•Assessment template for Mandatory controls: Includes various intrusion detection methods.

========

The SWIFT CSP Assessor certification program, governed by the "Independent Assessment Process for Assessors Guidelines" and related documents, requires assessors to maintain relevant professional qualifications. Let’s evaluate:

•Option A: No, a valid external cybersecurity certification is mandatory to keep the CSP Certified Assessor certification

This is correct. The SWIFT CSP Assessor certification requires assessors to hold a valid external cybersecurity certification (e.g., CISA, CISSP) as a prerequisite for initial certification and ongoing eligibility. The "Independent Assessment Process for Assessors Guidelines" specifies that expiration of this certification invalidates the CSP Assessor status until renewed, ensuring assessors maintain current expertise.

•Option B: Yes, if the SWIFT CSP Assessor certification is still valid

This is incorrect. The validity of the CSP Assessor certification is contingent on maintaining an active external cybersecurity certification. The "Independent Assessment Framework" and "Assessment template for Mandatory controls" emphasize this dual requirement to uphold assessment quality.

Summary of Correct Answer:

A valid external cybersecurity certification is mandatory; an expired certification disqualifies the assessor (A).

References to SWIFT Customer Security Programme Documents:

•Independent Assessment Process for Assessors Guidelines: Requires active external certification.

•Independent Assessment Framework: Links assessor eligibility to professional credentials.

•CSP_controls_matrix_and_high_test_plan_2025: Validates assessor qualifications.

========

This question examines the messaging capabilities of Alliance Lite2 under the Swift Customer Security Programme (CSP).

Step 1: Understand Alliance Lite2

Alliance Lite2 is a lightweight Swift solution designed for smaller financial institutions, providing access to Swift messaging services. Its capabilities are detailed in theSwift Alliance Lite2 User Guideand referenced in theCSCF v2024context.

Step 2: Analyze the Statement

The statement claims that Alliance Lite2 "only supports the sending and receiving of FIN messages." FIN messages are part of the FIN service for payment transactions, but Alliance Lite2’s scope extends beyond this.

Step 3: Evaluate Against Swift Guidelines

TheSwift Alliance Lite2 User Guidespecifies that Alliance Lite2 supports multiple message types, including:

FIN messages(e.g., MT103 for payments).

FileAct(for file transfers).

InterAct(for real-time messaging).

TheCSCF v2024does not restrict Alliance Lite2 to FIN messages; it applies security controls to all supported services. TheSwift CSP FAQconfirms that Alliance Lite2 users must comply with controls for all active services, not just FIN.

Thus, the statement that it "only supports" FIN messages is false, as it also supports FileAct and InterAct.

Step 4: Conclusion and Verification

The answer isB, as Alliance Lite2 supports more than just FIN messages, including FileAct and InterAct, per theSwift Alliance Lite2 User GuideandCSCF v2024.

References

Swift Alliance Lite2 User Guide, Section: Supported Services.

Swift Customer Security Controls Framework (CSCF) v2024, Control 1.1: Swift Environment Protection.

Swift CSP FAQ, Section: Alliance Lite2 Scope.

Alliance Access (SAA) is a SWIFT messaging interface that allows financial institutions to create, process, and send SWIFT financial messages (e.g., MT messages like MT103 for payments). The "Alliance Access OS administrator" likely refers to an administrator managing the operating system (OS) on which Alliance Access runs, such as a system administrator responsible for server maintenance, patches, and infrastructure. Let’s evaluate the statement:

•The OS administrator’s role is to ensure the underlying hardware and software environment (e.g., Windows or Linux servers) is secure and operational, aligning with CSCF Control "2.3 System Hardening." However, this role does not include creating or sending financial messages, which are business functions performed by authorized users or automated workflows within Alliance Access.

•Creating and sending financial messages requires access to the Alliance Access application, which involves logging into the system with a business user profile and using PKI certificates managed by the HSM for authentication and signing. The OS administrator does not have this authority unless explicitly granted a separate business role, which is not implied by the term "OS administrator."

•SWIFT’s role-based access control separates administrative and operational duties. For example, the Local Security Officer (LSO) or business operators handle message creation, while the OS administrator ensures the platform’s integrity. The CSCF and Alliance Access documentation emphasize that only authorized business users can perform transactional activities.

There is no evidence in SWIFT documentation that an OS administrator has the capability or authorization to create and send financial messages by default. Thus, the statement is false.

References to SWIFT Customer Security Programme Documents:

•SWIFT Customer Security Controls Framework (CSCF) v2024: Control 2.3 focuses on system hardening by OS administrators, not message creation.

•SWIFT Alliance Access Documentation: Details that message creation and sending are business user functions, not OS administrator tasks.

•SWIFT Security Guidelines: Emphasizes role separation for security and operational duties.

CSCF Control "6.1 Security Awareness" mandates training for individuals with SWIFT-critical roles (e.g., LSO, RSO, operators) to ensure they understand security policies and procedures. Let’s evaluate each option:

•Option A: Yes, and a track record must show that both awareness and specific training are performed annually

This is correct. Control 6.1 requires annual security awareness training for all SWIFT-critical personnel, with additional specific training as needed to maintain knowledge. The "Swift Customer SecurityControls Framework v2025" and "Assessment template for Mandatory controls" mandate annual training and require a track record (e.g., logs or certificates) to demonstrate compliance.

•Option B: No, both awareness and specific trainings are planned when deemed required

This is incorrect. The CSCF mandates annual awareness training, not just ad-hoc planning, to ensure consistent security awareness.

•Option C: No, awareness training expected to be performed yearly; specific training to maintain the required knowledge only when needed

This is incorrect. While specific training can be as needed, awareness training is explicitly required annually, making this option partially inaccurate.

•Option D: No, a track record must show that both awareness and specific training are performed at least bi-yearly (every 2 years)

This is incorrect. The CSCF requires annual awareness training, not bi-yearly, as specified in the guidelines.

Summary of Correct Answer:

It is mandated to perform security awareness and specific trainings every year, with a track record (A).

References to SWIFT Customer Security Programme Documents:

•Swift Customer Security Controls Framework v2025: Control 6.1 mandates annual training.

•Assessment template for Mandatory controls: Requires annual training records.

•Independent Assessment Framework: Verifies training frequency.

========

This question addresses database integrity expectations under theSwift Customer Security Controls Framework (CSCF) v2024.

Step 1: Understand Database Integrity Requirements

TheCSCF v2024, underControl 2.7: Database Integrity, mandates protection and monitoring of databases supporting Swift-related components to ensure data integrity and detect anomalies.

Step 2: Evaluate Each Option

A. Nothing is needed when the messaging or connector integrates/embeds an integrity check functionality at each Swift transaction record levelIncorrect. Even with embedded checks,Control 2.7requires additional protection and monitoring of the database and supporting systems, not just reliance on transaction-level checks.Conclusion: Incorrect.

B. When a database is used by a messaging interface or connector, the related hosted database and its supporting system must be protected as a Swift-related component and exceptions alertedCorrect.Control 2.7requires that databases supporting messaging interfaces or connectors be secured (e.g., in a secure zone) and that exceptions (e.g., integrity breaches) be alerted, per theCSCF v2024.Conclusion: Correct.

C. Alerts generated from performed integrity checks are captured and analysed for appropriate treatmentCorrect.Control 2.7andControl 6.1: Security Event Loggingmandate capturing and analyzing integrity check alerts to address potential issues, as detailed in theSwift Security Best Practices.Conclusion: Correct.

Step 3: Conclusion and Verification

The correct answers areB and C, as these align withControl 2.7andControl 6.1requirements for database integrity and monitoring in theCSCF v2024.

References

Swift Customer Security Controls Framework (CSCF) v2024, Control 2.7: Database Integrity, Control 6.1: Security Event Logging.

Swift Security Best Practices, Section: Database Security.

This question assesses whether a short interview with the HR manager providing one example of security training implementation is acceptable for a small infrastructure with only two operators, under the Swift Customer Security Programme (CSP).

Step 1: Understand Security Training Requirements

TheSwift Customer Security Controls Framework (CSCF) v2024, underControl 5.1: Security Training and Awareness, mandates that all personnel with access to Swift-related systems (including operators) receive regular, documented security training. This includes awareness of security policies, procedures, and incident response. The control applies regardless of the size of the infrastructure.

Step 2: Analyze the Scenario

The entity has a small infrastructure with two operators, and the HR manager provides a short interview with one example of security training implementation.

TheIndependent Assessment Frameworkrequires assessors to validate the effectiveness of controls, including evidence of training completion, content, frequency, and attendance records. A risk-based approach allows flexibility, but minimum evidence standards must still be met.

Step 3: Evaluate Against CSCF Guidelines

Control 5.1specifies that training must be documented, with evidence such as training logs, attendance records, or certification. A single interview with one example does not provide sufficient evidence to demonstrate:

That all operators (both in this case) have been trained.

The frequency and comprehensiveness of the training program.

The effectiveness of the training (e.g., understanding and application).

TheSwift CSP FAQandSecurity Best Practicesnote that even for small entities, assessors must see multiple pieces of evidence (e.g., training schedules, materials, test results) to confirm compliance, especially during an independent assessment.

A risk-based testing approach (mentioned in option A) allows tailoring the depth of evidence based on risk, but it does not exempt small entities from providing more than a single anecdotal example. TheIndependent Assessment Frameworkrequires objective evidence, not just verbal assurances.

Step 4: Conclusion and Verification

The answer isB, as a short interview with one example is insufficient to meet the evidence requirements ofControl 5.1in theCSCF v2024. More evidence (e.g., training records, attendance logs, or test results) is required to validate compliance, even for a small infrastructure.

References

Swift Customer Security Controls Framework (CSCF) v2024, Control 5.1: Security Training and Awareness.

Swift Independent Assessment Framework, Section: Evidence Requirements.

Swift Security Best Practices, Section: Training Documentation.

Swift CSP FAQ, Section: Small Entity Compliance.

This question focuses on the authentication method for online SwiftNet Security Officers (SOs), who manage security-related functions for a Swift user.

Step 1: Understand the Role of SwiftNet Security Officers

SwiftNet Security Officers are responsible for managing security settings, such as PKI certificates and user roles, within the Swift environment. Their authentication is critical to ensure secure access, as outlined inControl 2.3: System Access Controlof theCSCF v2024.

Step 2: Evaluate Each Option

A. Via their PKI certificatePKI certificates are used for securing message exchanges and connectivity within the SwiftNet environment (e.g., signing messages), but they are not the primary method for authenticating Security Officers when accessing SwiftNet services online (e.g., via swift.com). Security Officerstypically use a user account for such access, not a PKI certificate directly.Conclusion: This is incorrect.

B. Via their swift.com account and secure code cardSwiftNet Security Officers authenticate to swift.com using their swift.com account credentials combined with a secure code card (a physical token that generates one-time codes). This two-factor authentication method is standard for high-privilege roles like Security Officers, as detailed in theSwift Security Best PracticesandControl 2.3, which mandates multi-factor authentication for privileged users.Conclusion: This is correct.

C. Via their swift.com accountWhile a swift.com account is part of the authentication process, relying solely on the account (e.g., username and password) does not meet Swift’s security requirements for Security Officers. Multi-factor authentication, including a secure code card, is required for such roles.Conclusion: This is incorrect.

Step 3: Conclusion and Verification

The correct answer isB, as SwiftNet Security Officers are authenticated using their swift.com account and a secure code card, aligning with Swift’s multi-factor authentication requirements for privileged users.

References

Swift Customer Security Controls Framework (CSCF) v2024, Control 2.3: System Access Control.

Swift Security Best Practices, Section: Authentication for Security Officers.

Swift User Handbook, Section: Security Officer Authentication.

This question determines the scope of the CSCF for a Treasury Management System (TMS) and an MQ server (customer connector) installed on the same machine.

Step 1: Understand CSCF Scope

TheCSCF v2024defines its scope as systems directly involved in Swift messaging, connectivity, or security (e.g., customer connectors, messaging interfaces), as perControl 1.1: Swift Environment Protection. Back-office systems, like TMS, are typically out of scope unless they directly process Swift messages.

Step 2: Analyze the Scenario

TMS Application: A Treasury Management System is a back-office application for financial management, not a Swift messaging component. TheCSCF v2024excludes back-office systems from mandatory scope unless they pose a direct risk to Swift components.

MQ Server (Customer Connector): This middleware server connects to a Service Bureau, facilitating Swift traffic, making it in scope perControl 1.1.

Hosting System: The machine hosting both applications is in scope only to the extent it supports the MQ server, not the TMS.

Step 3: Evaluate Each Option

A. The TMS application, the MQ server and hosting system are in the scope of the CSCF and must be placed in a secure zoneIncorrect. The TMS is out of scope, and the hosting system’s inclusion depends on the MQ server, not the TMS.Conclusion: Incorrect.

B. The TMS application, the MQ server and hosting system enters the scope of the CSCF advisory and should be placed in a secure zoneIncorrect. The CSCF advisory scope applies to best practices, not mandatory controls, and does not mandate a secure zone for out-of-scope TMS.Conclusion: Incorrect.

C. Only the MQ server application is in scope of the CSCF. The TMS application is considered as back-officeCorrect. The MQ server is a customer connector, in scope perControl 1.1, while the TMS is a back-office system, excluded from mandatory scope per theCSCF v2024Introduction.Conclusion: Correct.

D. The TMS application is the highest risk and must be secured appropriately. The MQ server should be secured on a best effort basisIncorrect. The MQ server, as a Swift component, has higher CSCF priority, while TMS risk is managed outside CSCF scope.Conclusion: Incorrect.

Step 4: Conclusion and Verification

The correct answer isC, as only the MQ server is in scope, and the TMS is a back-office system excluded from CSCF requirements.

References

Swift Customer Security Controls Framework (CSCF) v2024, Control 1.1: Swift Environment Protection, Introduction Section: Scope.

Swift CSP FAQ, Section: Back-Office Systems.

The "Independent Assessment Framework" and "Independent Assessment Process for Assessors Guidelines" mandate that CSP assessments and attestations be conducted by an independent, certified assessor, not the user’s internal audit department. Let’s evaluate each option:

•Option A: Yes, providing this is agreed by the head of IT operations and the CISO

This is incorrect. Internal agreement does not override the CSP’s requirement for independence.

•Option B: No, this is never an option

This is correct. The CSP prohibits internal audit departments from submitting or approving attestations on the KYC-SA portal, as they lack the independence required by the "Independent Assessment Framework." Only an external, certified assessor can perform and approve the assessment, with the CISO or designated user submitting the attestation based on the assessor’s report.

•Option C: Yes, an internal auditor can submit the attestation for approval provided they have the appropriate credentials for swift.com. The CISO remains in charge of the approval of the attestation

This is incorrect. Internal auditors cannot submit or approve attestations, even with credentials, due to the independence requirement.

•Option D: Yes, with approval from the Chief Auditor

This is incorrect. Chief Auditor approval does not satisfy the CSP’s independence mandate.

Summary of Correct Answer:

An internal audit department cannot submit or approve the attestation (B).

References to SWIFT Customer Security Programme Documents:

•Independent Assessment Framework: Requires independent assessors.

•Independent Assessment Process for Assessors Guidelines: Prohibits internal assessments for attestation.

•Swift_CSP_Assessment_Report_Template: Specifies external assessor input.

========

Alliance Messaging Hub (AMH) is a SWIFT product designed as a centralized messaging platform for financial institutions, enabling them to manage multiple messaging flows, including SWIFT and non-SWIFT networks. Let’s evaluate each statement:

•Statement A: AMH is highly resilient, and can consist of multiple instances and sites in parallel

This is true. AMH is designed for high availability and resilience, supporting deployments across multiple instances and sites to ensure continuity of operations. This capability is critical for large financial institutions handling high volumes of transactions. SWIFT documentation highlights AMH’s ability to operate in a distributed architecture, with instances running in parallel across primary and backup sites. This aligns with CSCF Control "1.1 SWIFT Environment Protection," which emphasizes the need for resilient infrastructure to prevent disruptions in the SWIFT environment.

•Statement B: AMH provides advanced integration capabilities

This is true. AMH offers advanced integration features, allowing institutions to connect various back-office systems, payment engines, and other financial applications to a single hub. It supports multiple message standards (e.g., SWIFT MT, ISO 20022) and provides transformation and routing capabilities, making it a versatile integration platform. This is a key selling point of AMH, as noted in SWIFT’s product documentation, enabling seamless interoperability across diverse systems.

•Statement C: AMH is a messaging interface able to connect to other financial networks, not only SWIFT

This is true. AMH is not limited to SWIFT messaging; it can connect to other financial networks, such as domestic payment systems, real-time gross settlement (RTGS) systems, or proprietary networks. AMH acts as a universal messaging hub, supporting multiple protocols and standards beyond SWIFT’s ecosystem (e.g., FIX for securities trading). This capability is well-documented in SWIFT’s AMH product overview, positioning it as a flexible solution for institutions with diverse connectivity needs.

•Statement D: All of the above

Since all three statements (A, B, and C) are true, this option is the correct answer. AMH’s design for resilience, advanced integration, and multi-network connectivity makes it a comprehensive messaging solution.

Summary of Correct Answer:

All statements about AMH are true, making "All of the above" (D) the correct choice.

References to SWIFT Customer Security Programme Documents:

•SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.1 emphasizes resilience, which AMH supports through its architecture.

•SWIFT Alliance Messaging Hub Documentation: Highlights AMH’s multi-site resilience, integration capabilities, and support for non-SWIFT networks.

•SWIFT Product Overview: Describes AMH as a universal messaging hub for SWIFT and other financial networks.

========

The "Independent Assessment Process for Assessors Guidelines" governs the conduct of CSP assessments, including location and method. Let’s evaluate each option:

•Option A: Remote assessments are not permitted under any circumstances

This is incorrect. The CSP allows remote assessments under specific conditions, as clarified in the guidelines, not an absolute prohibition.

•Option B: This is permitted provided the same level of comfort can be guaranteed

This is incorrect. While ensuring equivalent assurance is important, the CSP requires formal validation for remote assessments, not just assessor discretion.

•Option C: It is possible to perform an assessment remotely only with valid reasons. These reasons must be formally validated by SWIFT CSP office

This is correct. The "Independent Assessment Process for Assessors Guidelines" permits remote assessments when justified (e.g., geographical distance, logistical challenges), but such arrangements must be approved by the SWIFT CSP office to ensure compliance and security. This aligns with the "Independent Assessment Framework" emphasis on maintaining assessment integrity.

•Option D: It is not allowed to conduct an assessment remotely under any circumstances. However, force majeure circumstances like the global pandemic are an exception to this

This is incorrect. The CSP does not categorically ban remote assessments; it allows them with prior validation, not just as exceptions for force majeure.

Summary of Correct Answer:

Remote assessments are permitted with valid reasons and formal validation by the SWIFT CSP office (C).

References to SWIFT Customer Security Programme Documents:

•Independent Assessment Process for Assessors Guidelines: Allows remote assessments with approval.

•Independent Assessment Framework: Ensures assessment integrity.

•CSP_controls_matrix_and_high_test_plan_2025: Supports validated remote methods.

========

This question relates to the objective of Control 1.1 – SWIFT Environment Protection in the CSCF:

Step 1: Control 1.1 Overview

Control 1.1 aims to “restrict access to the SWIFT infrastructure by segregating it from the general IT environment and external threats,” protecting against unauthorized access and malware.

This question requires identifying the architecture type based on the SWIFT CSP Architecture Types (defined in CSCF documentation) for a user with an sFTP server pushing files to an outsourcing agent hosting the Communication Interface:

Step 1: Define the Scenario

The SWIFT user uses an sFTP server to transfer files to an outsourcing agent, which hosts the user’s Communication Interface (e.g., SWIFT Alliance Gateway). The Communication Interface connects to the SWIFT network.

Step 2: SWIFT Architecture Types Overview

A1: Full in-house stack (Messaging Interface, Communication Interface, etc.).

A3: Communication Interface hosted by a service provider/outsourcing agent; back-office or middleware connects to it.

A4: Both Messaging and Communication Interfaces hosted by a service provider.

B: Alliance Lite2 (direct cloud-based connectivity).

The Swift Customer Security Controls Framework (CSCF) defines the scope of components that must comply with its security controls. This scope is detailed in theCSCF v2024(and prior versions like CSCF v2023), which specifies that the CSCF applies to systems directly involved in the Swift messaging and connectivity ecosystem. Let’s analyze the diagram to identify which components fall within this scope.

Step 1: Understand the Scope of CSCF

According to theSwift Customer Security Controls Framework (CSCF) v2024, the scope includes:

Swift messaging interfaces(e.g., Alliance Access/Entry, RMA).

Communication interfacesto the Swift network (e.g., SNL, HSM, PKI).

Operator systemsdirectly interacting with Swift components (e.g., GUIs, admin/operator workstations).

Middlewareor connectors directly facilitating Swift message flows.Systems that are not directly involved in Swift messaging or connectivity (e.g., back-office systems, general-purpose servers) are typically out of scope unless they pose a direct risk to the Swift environment.

Step 2: Analyze the Diagram and Identify Components

The diagram includes the following labeled components:

A. Back Office: A system for back-office operations, not directly part of Swift messaging.

B. Back Office Using Middleware Client: A back-office system with middleware for data exchange.

C. Messaging Interface: Likely a Swift messaging interface (e.g., Alliance Access).

D. RMA: Relationship Management Application, a Swift component for managing messaging relationships.

E. GUI: Graphical User Interface for operators to interact with the messaging interface.

F. Communication Interface: Interface for connecting to the Swift network.

G. SNL: SwiftNet Link, a communication layer for Swift connectivity.

H. HSM & PKI: Hardware Security Module and Public Key Infrastructure, used for secure Swift connectivity.

I. Middleware File Transfer Servers: Servers facilitating data exchange between back-office and Swift systems.

J, K, L. Data Exchange Paths: Represent data flows between systems (not components themselves).

M. Operator (End User): The operator’s workstation interacting with the Swift GUI.

N. Connector: The connection point to the Swift network.

Step 3: Evaluate Each Option Against CSCF Scope

A. Components A, B, K

A (Back Office): Back-office systems are not in scope unless they directly process Swift messages. The CSCF focuses on Swift-specific infrastructure, and back-office systems are typically considered out of scope unless they pose a direct risk (e.g., via middleware).

B (Back Office Using Middleware Client): While this system uses middleware to exchange data with Swift components, it is still a back-office system, not a core Swift component. The middleware itself (I) may be in scope, but the client (B) is not.

K (Data Exchange Path): This is a data flow, not a component, and thus not directly in scope.Conclusion: This option is incorrect.

B. Components J, K, I

J, K (Data Exchange Paths): These are data flows, not components, and are not directly in scope.

I (Middleware File Transfer Servers): Middleware that facilitates Swift message flows (e.g., between back-office and messaging interface) can be in scope if it directlyprocesses or transmits Swift messages. PerControl 1.1: Swift Environment Protection, middleware in the Swift data flow must be secured, making it in scope. However, this option pairs I with J and K, which are not components.Conclusion: This option is incorrect due to J and K, though I alone would be in scope.

C. Components F, G, H

F (Communication Interface): This is the interface connecting to the Swift network, clearly in scope perControl 1.1.

G (SNL): SwiftNet Link is a core communication component for Swift connectivity, in scope perControl 1.1.

H (HSM & PKI): HSM and PKI are critical for secure Swift connectivity, in scope perControl 1.1.Conclusion: This option is correct.

D. Components C, E, M

C (Messaging Interface): This is a core Swift component (e.g., Alliance Access), in scope perControl 1.1.

E (GUI): The GUI used by operators to interact with the messaging interface is in scope, as specified inControl 1.2: Logical Access Control, which includes operator systems.

M (Operator End User): The operator’s workstation is in scope as it directly interacts with Swift systems, perControl 1.2.Conclusion: This option is correct.

Step 4: Conclusion and Verification

The components in scope of the CSCF are those directly involved in Swift messaging, connectivity, and operator interaction. Based on the analysis:

C (F, G, H)includes communication components, all in scope.

D (C, E, M)includes the messaging interface, GUI, and operator workstation, all in scope.Components A, B, and data exchange paths (J, K, L) are not directly in scope, though middleware (I) would be if considered separately.

References

Swift Customer Security Controls Framework (CSCF) v2024, Control 1.1: Swift Environment Protection.

Swift Customer Security Programme – Scope and Applicability, Section: CSCF Scope Definition.

CSCF v2024, Control 1.2: Logical Access Control.

This question examines whether an internal audit department can submit and approve a Swift user’s attestation on the KYC-SA Swift portal.

Step 1: Understand Attestation Process

TheIndependent Assessment FrameworkandCSCF v2024require attestations to be submitted by an independent party or authorized user representative, not the internal audit department, to ensure objectivity.

Step 2: Evaluate Each Option

A. Yes, providing this is agreed by the head of IT operations and the CISOInternal audit cannot submit or approve attestations, regardless of internal agreements, per theIndependent Assessment Framework.Conclusion: Incorrect.

B. No, this is never an optionTheCSCF v2024andSwift CSP Compliance Guidelinesprohibit internal audit from submitting or approving attestations, as they lack independence from the audited entity.Conclusion: Correct.

C. Yes, an internal auditor can submit the attestation for approval provided they have the appropriate credentials for swift.com. The CISO remains in charge of the approval of the attestationIncorrect. Internal auditors cannot submit or approve, even with credentials, due to independence requirements.Conclusion: Incorrect.

D. Yes, with approval from the Chief auditorIncorrect. Chief auditor approval does not override the independence requirement.Conclusion: Incorrect.

Step 3: Conclusion and Verification

The correct answer isB, as theCSCF v2024andIndependent Assessment Frameworkprohibit internal audit from submitting or approving attestations.

References

Swift Customer Security Controls Framework (CSCF) v2024, Section: Independent Assessment.

Swift Independent Assessment Framework, Section: Attestation Submission.

Swift CSP Compliance Guidelines, Section: Independence Requirements.

SWIFT Public Key Infrastructure (PKI) certificates are cryptographic credentials used to secure communications over the SWIFT network. Let’s evaluate each option:

•Option A: Asymmetric signing and encryption end to end

This is correct. SWIFT PKI certificates utilize asymmetric cryptography (public and private key pairs) for both signing and encryption. Signing ensures the authenticity and integrity of messages (e.g., verifying the sender), while encryption provides confidentiality end to end—from the sender’s environment to the receiver’s environment across the SWIFT network. This end-to-end security is achieved using PKI certificates managed by Hardware Security Modules (HSMs), as mandated by CSCF Control "1.3 Cryptographic Failover." SWIFT documentation confirms that PKI supports full message security throughout the transmission process.

•Option B: Asymmetric signing and encryption end to SWIFT only

This is incorrect. The security provided by PKI certificates extends beyond just the connection to SWIFT (e.g., to the SWIFT Secure IP Network). It covers the entire message journey, including the recipient’s environment, ensuring end-to-end protection rather than stopping at SWIFT’s boundary.

•Option C: Symmetric encryption only

This is incorrect. SWIFT PKI relies on asymmetric cryptography for key exchange and signing, not symmetric encryption alone. While symmetric encryption may be used internally (e.g., for session keys derived from asymmetric key exchange), the PKI certificates themselves are based on asymmetric algorithms (e.g., RSA), as outlined in SWIFT’s security guidelines.

•Option D: Asymmetric signing only

This is incorrect. PKI certificates are used for both asymmetric signing (for authenticity and integrity) and encryption (for confidentiality), not just signing. The dual purpose is essential for the secure transmission of SWIFT messages.

Summary of Correct Answer:

SWIFT PKI certificates are used for asymmetric signing and encryption end to end (A), ensuring comprehensive security.

References to SWIFT Customer Security Programme Documents:

•SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.3 specifies the use of PKI for end-to-end security.

•SWIFT Security Guidelines: Details PKI usage for asymmetric signing and encryption.

•SWIFT PKI Documentation: Confirms end-to-end cryptographic protection using PKI certificates.

========

The "Independent Assessment Framework" and "Independent Assessment Process for Assessors Guidelines" require that the CSP assessment be conducted by an independent, certified assessor, with the resulting "CSCF Assessment Completion Letter" being a key deliverable. Let’s evaluate each option:

•Option A: The Internal audit lead assessor and the external company lead assessor

This is incorrect. The CSP prohibits reliance on internal audits for the completion letter due to the independence requirement. Only the external assessor’s letter is valid, as per the "Independent Assessment Framework."

•Option B: The Internal audit lead assessor only

This is incorrect. Internal audits lack the independence needed to issue the completion letter, which must come from an external assessor.

•Option C: The External company lead assessor only

This is correct. The "Independent Assessment Process for Assessors Guidelines" mandates that the completion letter be provided by the lead assessor from the external assessment company, as they are the independent entity conducting the assessment. The internal audit’s involvement is supplementary and cannot replace the external assessor’s responsibility.

•Option D: None of them, it is not required when an internal department was involved in the assessment

This is incorrect. A completion letter is always required, and internal involvement does not waive this requirement; it must be issued by the external assessor.

Summary of Correct Answer:

Only the external company lead assessor needs to provide the completion letter (C).

References to SWIFT Customer Security Programme Documents:

•Independent Assessment Framework: Requires an independent assessor’s completion letter.

•Independent Assessment Process for Assessors Guidelines: Specifies external assessor responsibility.

•CSCF Assessment Completion Letter: Issued by the external assessor.

========

This question pertains to Control 7.3 – Physical Security in the CSCF:

Step 1: Control 7.3 Overview

Control 7.3 focuses on “physically securing SWIFT-related systems and components” (e.g., servers, HSMs) within the user’s premises to prevent unauthorized access, tampering, or theft.

The SWIFT CSP defines architecture types (A1 to A4) based on the components a user owns and manages, as outlined in the "CSP Architecture Type - Decision tree" and "Swift Customer Security Controls Framework v2025." These types determine the applicable security controls and assessment requirements. Let’s analyze the scenario and options:

•A customer connector is a component (e.g., a custom application or integration layer) that connects to SWIFT services, such as through the SWIFT API or a messaging interface. It handles data flows but is not a standard SWIFT-provided interface.

•A communication interface refers to a component like Alliance Gateway (SAG), which manages connectivity to the SWIFT network via SwiftNet Link (SNL) and VPN boxes.

•The architecture types are:

oA1: Full stack (owns messaging interface, communication interface, and network components, e.g., Alliance Access, Alliance Gateway, VPN boxes).

oA2: Owns a customer connector and communication interface, with the messaging interface hosted elsewhere (e.g., by a service bureau or SWIFT).

oA3: Owns only a customer connector, relying on external communication and messaging interfaces.

oA4: Uses a fully hosted solution (e.g., Alliance Cloud or Lite2), owning no local components.

•In this case, the user owns a customer connector and a communication interface but does not mention owning a messaging interface (e.g., Alliance Access). This matches the A2 architecture type, where the user manages a custom integration (connector) and the communication layer (e.g., SAG), while the messaging interface is provided by another party (e.g., a service bureau or SWIFT-hosted environment). The "CSP Architecture Type - Decision tree" confirms this classification, and the "Assessment template for Mandatory controls" applies A2-specific requirements.

•Option A: A1

This is incorrect. A1 requires ownership of a messaging interface (e.g., Alliance Access), which is not mentioned.

•Option B: A2

This is correct. A2 fits the scenario of owning a customer connector and communication interface without a messaging interface.

•Option C: A3

This is incorrect. A3 involves only a customer connector, not a communication interface.

•Option D: A4

This is incorrect. A4 applies to fully hosted solutions with no local ownership of connectors or interfaces.

Summary of Correct Answer:

The SWIFT user with a customer connector and a communication interface is of architecture type A2 (B).

References to SWIFT Customer Security Programme Documents:

•Swift Customer Security Controls Framework v2025: Defines architecture types A1-A4.

•CSP Architecture Type - Decision tree: Classifies A2 for customer connector and communication interface ownership.

•Assessment template for Mandatory controls: Applies to A2 architecture.

SwiftNet Security Officers (e.g., Local Security Officer [LSO] or Remote Security Officer [RSO]) are responsible for managing security functions in the SWIFT environment, such as configuring accesscontrols and managing PKI certificates. Authentication for online access to SwiftNet services (e.g., via the Alliance Web Platform) is a critical security measure. Let’s evaluate each option:

•Option A: Via their PKI certificate

This is incorrect. While PKI certificates are used for authenticating and signing SWIFT messages or securing communications, they are not the primary method for authenticating security officers’ online access to SwiftNet management interfaces. PKI certificates are managed by the HSM and used by applications or users for message-level security, not for logging into administrative portals.

•Option B: Via their swift.com account and secure code card

This is correct. Online SwiftNet Security Officers are authenticated using a combination of their swift.com account (a username and password managed through SWIFT’s customer portal) and a secure code card (a physical or virtual token providing a one-time password or multi-factor authentication code). This two-factor authentication (2FA) method ensures robust access control, aligning with CSCF Control "6.1 Security Awareness" and SWIFT’s emphasis on multi-layered security. SWIFT documentation for the Alliance suite and SwiftNet confirms this authentication process for security officers accessing online tools.

•Option C: Via their swift.com account

This is incorrect. Relying solely on a swift.com account (username and password) is insufficient for authenticating security officers, as it lacks the additional security layer required for sensitive administrative access. SWIFT mandates multi-factor authentication, typically involving a secure code card, to comply with security standards.

Summary of Correct Answer:

Online SwiftNet Security Officers are authenticated via their swift.com account and secure code card (B), ensuring secure access to management functions.

References to SWIFT Customer Security Programme Documents:

•SWIFT Customer Security Controls Framework (CSCF) v2024: Control 6.1 supports multi-factor authentication for security officers.

•SWIFT Alliance Security Documentation: Details the use of swift.com accounts and secure code cards for LSO/RSO authentication.

•SWIFT SwiftNet Guidelines: Confirms 2FA for online security officer access.

========

The CSCF defines the scope of environments for a SWIFT user CSP assessment, focusing on environments that handle live SWIFT transactions or are critical to operational continuity. The "Swift Customer Security Controls Framework v2025" and "Independent Assessment Framework" provide guidance on scope. Let’s evaluate each option, assuming the environments are separated:

•Option A: SWIFT infrastructure (sometimes known as Live)

This is in scope. The live environment, where actual SWIFT transactions are processed (e.g., Alliance Access sending MT103 messages), is the primary focus of the CSCF. Controls like "1.1 SWIFTEnvironment Protection" and "2.1 Internal Data Transmission Security" apply directly to this environment.

•Option B: Development

This is not in scope. Development environments, used for building or testing applications before deployment, are typically out of scope if they are fully separated from live systems and do not process real SWIFT data. The "Independent Assessment Framework" excludes development environments unless they are integrated with live systems, which the question assumes is not the case.

•Option C: Disaster Recovery

This is in scope. Disaster Recovery (DR) environments are designed to take over in case of a failure in the live environment. Since they can process live SWIFT transactions during a failover, they must comply with CSCF controls (e.g., Control "1.1") to ensure continuity and security.

•Option D: Cold backup systems

This is in scope. Cold backup systems, while not actively processing transactions, are part of the SWIFT infrastructure’s resilience strategy. They must be secured to prevent compromise (e.g., CSCF Control "1.2 Physical Security") and are included in the assessment scope per the "Assessment template for Mandatory controls."

Summary of Correct Answer:

The Development environment (B) is not in scope for a SWIFT user CSP assessment if separated from live systems.

References to SWIFT Customer Security Programme Documents:

•Swift Customer Security Controls Framework v2025: Excludes development environments from scope if separated.

•Independent Assessment Framework: Focuses on live, DR, and backup environments.

•Assessment template for Mandatory controls: Includes DR and backup systems in scope.

========