This question addresses database integrity expectations under theSwift Customer Security Controls Framework (CSCF) v2024.
Step 1: Understand Database Integrity Requirements
TheCSCF v2024, underControl 2.7: Database Integrity, mandates protection and monitoring of databases supporting Swift-related components to ensure data integrity and detect anomalies.
Step 2: Evaluate Each Option
A. Nothing is needed when the messaging or connector integrates/embeds an integrity check functionality at each Swift transaction record levelIncorrect. Even with embedded checks,Control 2.7requires additional protection and monitoring of the database and supporting systems, not just reliance on transaction-level checks.Conclusion: Incorrect.
B. When a database is used by a messaging interface or connector, the related hosted database and its supporting system must be protected as a Swift-related component and exceptions alertedCorrect.Control 2.7requires that databases supporting messaging interfaces or connectors be secured (e.g., in a secure zone) and that exceptions (e.g., integrity breaches) be alerted, per theCSCF v2024.Conclusion: Correct.
C. Alerts generated from performed integrity checks are captured and analysed for appropriate treatmentCorrect.Control 2.7andControl 6.1: Security Event Loggingmandate capturing and analyzing integrity check alerts to address potential issues, as detailed in theSwift Security Best Practices.Conclusion: Correct.
Step 3: Conclusion and Verification
The correct answers areB and C, as these align withControl 2.7andControl 6.1requirements for database integrity and monitoring in theCSCF v2024.
References
Swift Customer Security Controls Framework (CSCF) v2024, Control 2.7: Database Integrity, Control 6.1: Security Event Logging.
Swift Security Best Practices, Section: Database Security.
