CSCF Control "1.1 SWIFT Environment Protection" aims to secure the SWIFT infrastructure by isolating it from external threats and internal risks. The "Swift Customer Security Controls Framework v2025" details its objectives. Let’s evaluate each option:
•Option A: Restrict malicious access from external sources
This applies. Control 1.1 requires isolating the SWIFT secure zone from external sources (e.g., the Internet) to prevent malicious access, such as malware or unauthorized intrusions.
•Option B: Forbids any interactive sessions towards the SWIFT infrastructure
This does not apply. Control 1.1 does not forbid all interactive sessions. It allows controlled interactive access (e.g., via jump servers) for administrative purposes, provided sessions are secured (e.g., encrypted per Control "2.1 Internal Data Transmission Security"). The "CSP_controls_matrix_and_high_test_plan_2025" permits interactive sessions with proper controls.
•Option C: Limit risks of privileged accounts compromise
This applies. Control 1.1 includes measures to secure privileged accounts (e.g., by enforcing strong authentication and role-based access control) to prevent compromise, aligning with CSCF principles.
•Option D: Limit risks of lateral movement
This applies. Control 1.1 aims to segment the SWIFT environment from the general IT environment, reducing the risk of lateral movement by attackers within the network.
Summary of Correct Answer:
Forbidding any interactive sessions (B) does not apply, as Control 1.1 allows controlled interactive access.
References to SWIFT Customer Security Programme Documents:
•Swift Customer Security Controls Framework v2025: Control 1.1 objectives include restricting access and limiting risks, but not banning interactive sessions.
•CSP_controls_matrix_and_high_test_plan_2025: Confirms controlled interactive sessions are permitted.
•Independent Assessment Framework: Assesses secure access controls under 1.1.
========
