CSCF Control "4.2 Intrusion Detection" requires SWIFT users to detect unauthorized access or activities within the SWIFT environment. The "Swift Customer Security Controls Framework v2025" allows flexibility in meeting this control using various technologies. Let’s evaluate each option:
• Option A: NIDS (Network Intrusion Detection System)
This is valid. NIDS monitors network traffic to detect intrusions (e.g., on VPN boxes), aligning with Control "4.2" by identifying external threats.
• Option B: HIDS (Host Intrusion Detection System)
This is valid. HIDS monitors individual hosts (e.g., servers running Alliance Access) for suspicious activities, supporting Control "4.2" for internal threat detection.
• Option C: EDR and XDR (Endpoint Detection and Response, Extended Detection and Response)
This is valid. EDR and XDR provide advanced monitoring and response capabilities for endpoints and across environments, meeting Control "4.2" requirements for detecting and responding to intrusions.
• Option D: A combination of all of the above
This is correct. The CSCF encourages a layered security approach, and the "CSP_controls_matrix_and_high_test_plan_2025" and "Assessment template for Mandatory controls" accept a combination of NIDS, HIDS, EDR, and XDR to comprehensively meet Control "4.2," depending on the architecture and risk profile.
Summary of Correct Answer:
Intrusion Detection Control can be met through a combination of NIDS, HIDS, EDR, and XDR (D).
References to SWIFT Customer Security Programme Documents:
• Swift Customer Security Controls Framework v2025: Control 4.2 allows multiple detection technologies.
• CSP_controls_matrix_and_high_test_plan_2025: Supports combined approaches.
• Assessment template for Mandatory controls: Includes various intrusion detection methods.