CSP-Assessor Customer Security Programme Assessor Certification(CSPAC) Questions and Answers

This question pertains to the Alliance Web Platform (AWP) Single Edition (SE) Administrator’s capabilities:

Step 1: AWP SE Overview

AWP SE is a web-based interface for managing SWIFT services (e.g., Alliance Lite2, monitoring tools). It’s primarily GUI-driven, unlike Alliance Access, which supports command-line operations.

SWIFT Public Key Infrastructure (PKI) certificates are cryptographic credentials used to secure communications over the SWIFT network. Let’s evaluate each option:

• Option A: Asymmetric signing and encryption end to end

This is correct. SWIFT PKI certificates utilize asymmetric cryptography (public and private key pairs) for both signing and encryption. Signing ensures the authenticity and integrity of messages (e.g., verifying the sender), while encryption provides confidentiality end to end—from the sender’s environment to the receiver’s environment across the SWIFT network. This end-to-end security is achieved using PKI certificates managed by Hardware Security Modules (HSMs), as mandated by CSCF Control "1.3 Cryptographic Failover." SWIFT documentation confirms that PKI supports full message security throughout the transmission process.

• Option B: Asymmetric signing and encryption end to SWIFT only

This is incorrect. The security provided by PKI certificates extends beyond just the connection to SWIFT (e.g., to the SWIFT Secure IP Network). It covers the entire message journey, including the recipient’s environment, ensuring end-to-end protection rather than stopping at SWIFT’s boundary.

• Option C: Symmetric encryption only

This is incorrect. SWIFT PKI relies on asymmetric cryptography for key exchange and signing, not symmetric encryption alone. While symmetric encryption may be used internally (e.g., for session keys derived from asymmetric key exchange), the PKI certificates themselves are based on asymmetric algorithms (e.g., RSA), as outlined in SWIFT’s security guidelines.

• Option D: Asymmetric signing only

This is incorrect. PKI certificates are used for both asymmetric signing (for authenticity and integrity) and encryption (for confidentiality), not just signing. The dual purpose is essential for the secure transmission of SWIFT messages.

Summary of Correct Answer:

SWIFT PKI certificates are used for asymmetric signing and encryption end to end (A), ensuring comprehensive security.

References to SWIFT Customer Security Programme Documents:

• SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.3 specifies the use of PKI for end-to-end security.

• SWIFT Security Guidelines: Details PKI usage for asymmetric signing and encryption.

• SWIFT PKI Documentation: Confirms end-to-end cryptographic protection using PKI certificates.

========

The "SWIFT footprint" refers to the extent of SWIFT-related infrastructure (hardware, software, and connectivity components) that a user must manage within their environment. A smaller footprint means less local infrastructure to maintain, typically achieved through cloud-based or managed services. Let’s evaluate each option:

• Option A: Full stack of products up to the Messaging Interface

This refers to an on-premises deployment where the user manages a complete set of SWIFT components, including the messaging interface (e.g., Alliance Access), communication interface (e.g., Alliance Gateway), SwiftNet Link (SNL), HSM, and VPN boxes for connectivity to the SWIFT network. This setup requires significant local infrastructure, including servers, security devices, and network components, resulting in a large SWIFT footprint.

• Option B: Alliance Remote Gateway

Alliance Remote Gateway (ARG) is a service where the Alliance Gateway is hosted remotely by SWIFT or a third party, but the user still maintains a messaging interface (e.g., Alliance Access) locally. While this reduces the footprint slightly by outsourcing the communication interface, the user still manages the messaging interface, HSM, and local connectivity components, resulting in a moderate footprint.

• Option C: Lite 2 or Alliance Cloud

This is the correct answer. Alliance Lite2 and Alliance Cloud are cloud-based solutions designed for smaller institutions or those seeking a minimal local footprint. In Alliance Lite2, the user connects to SWIFT via a lightweight client (Alliance Lite2 AutoClient) or a browser-based interface, with most infrastructure (e.g., messaging interface, communication interface, HSM) hosted by SWIFT in the cloud. Alliance Cloud similarly hosts the full SWIFT stack (including Alliance Access and Alliance Gateway) in a SWIFT-managed cloud environment, requiring only minimal local infrastructure (e.g., a secure connection to the cloud). This results in the smallest SWIFT footprint, as the user manages very little on-premises infrastructure. The CSCF still applies, but many controls are managed by SWIFT (e.g., "1.1 SWIFT Environment Protection").

• Option D: A user with a Messaging Interface behind a Service Bureau

A Service Bureau is a third-party provider that hosts SWIFT infrastructure (e.g., Alliance Gateway, SNL) for multiple users, but the user still maintains a local messaging interface (e.g., Alliance Access) to connect to the Service Bureau. This setup reduces the footprint compared to a full on-premises deployment, as the user does not manage the communication interface or network connectivity components. However, the local messaging interface and associated security components (e.g., HSM) still constitute a larger footprint than a fully cloud-based solution like Alliance Lite2 or Alliance Cloud.

Summary of Correct Answer:

Alliance Lite2 or Alliance Cloud (C) has the smallest SWIFT footprint, as most infrastructure is hosted in the cloud by SWIFT, minimizing the user’s local management responsibilities.

References to SWIFT Customer Security Programme Documents:

• SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.1 applies to cloud deployments like Alliance Cloud, reducing the user’s local footprint.

• SWIFT Alliance Lite2 Documentation: Describes the minimal infrastructure required for Lite2 users.

• SWIFT Alliance Cloud Documentation: Highlights the fully hosted nature of the solution, minimizing the SWIFT footprint.

========

The restriction of Internet access is a key control under the CSCF, specifically tied to Control "1.1 SWIFT Environment Protection," which mandates that SWIFT-related components in the secure zone be isolated from the general IT environment and the Internet to prevent unauthorized access and attacks. Let’s evaluate the options:

• Option A: Yes, because if there is no secure zone, then the internet connectivity does not need to be restricted

This is incorrect. The CSCF applies to all SWIFT users, regardless of whether they maintain a local secure zone. Even if SWIFT-related components (e.g., a customer connector or operator PC) are hosted externally (e.g., by a service provider), the user’s endpoints (e.g., operator PCs accessing the application) must still adhere to security controls, including restricting Internet access where applicable. The "Independent Assessment Framework" requires assessing all in-scope components, not just those in a secure zone.

• Option B: No, because there can be in-scope general operator PCs used to access a SWIFT-related application hosted at a service provider

This is correct. General operator PCs used to access SWIFT-related applications (e.g., Alliance Lite2 Business Application hosted by a service provider) are in scope of the CSCF, as they handle sensitive SWIFT data or credentials. Control "1.1" and "6.1 Security Awareness" require these PCs to have restricted Internet access to prevent malware or unauthorized access, even if the application is hosted externally. The "CSP Architecture Type - Decision tree" includes such endpoints in the assessment scope, making Internet access restriction relevant beyond the secure zone.

Summary of Correct Answer:

The restriction of Internet access is not only relevant when having SWIFT-related components in a secure zone; it applies to in-scope general operator PCs accessing hosted applications (B).

References to SWIFT Customer Security Programme Documents:

• Swift Customer Security Controls Framework v2025: Control 1.1 mandates Internet access restriction for in-scope components.

• Independent Assessment Framework: Includes operator PCs in scope, even with external hosting.

• CSP_controls_matrix_and_high_test_plan_2025: Applies controls to endpoints accessing SWIFT services.

========

CSCF Control "1.2 Physical Security" requires SWIFT users to protect the physical locations of SWIFT-related servers and infrastructure from unauthorized access. Let’s evaluate:

• The control mandates measures such as restricting physical access, using surveillance, and maintaining an access control list for individuals entering server locations.

• Regular review of physical access lists is explicitly included to ensure that only authorized personnel have access and to identify any anomalies or outdated permissions. This is part of the ongoing monitoring requirement under CSCF Control "1.2" and is detailed in the "Assessment template for Mandatory controls."

• The "Independent Assessment Framework" and "CSP_controls_matrix_and_high_test_plan_2025" emphasize this as a mandatory practice to maintain physical security integrity.

Summary of Correct Answer:

The Physical Security control includes a regular review of physical access lists (TRUE).

References to SWIFT Customer Security Programme Documents:

• Swift Customer Security Controls Framework v2025: Control 1.2 requires access list reviews.

• Assessment template for Mandatory controls: Includes this as a compliance criterion.

• CSP_controls_matrix_and_high_test_plan_2025: Tests for regular access list reviews.

SWIFT Alliance Cloud is a managed cloud service provided by SWIFT to deliver a fully hosted SWIFT infrastructure, reducing the local footprint for users. Let’s evaluate each option:

• Option A: Alliance Cloud is a SWIFT cloud-based solution. It provides a universal channel to the financial community and to SWIFT Value Added services and initiatives

This is partially correct but incomplete. Alliance Cloud is indeed a SWIFT-managed cloud solution, and it facilitates connectivity to the financial community and SWIFT Value Added Services (e.g., SWIFT gpi, Sanctions Screening). However, the term "universal channel" is vague and not a precise description of Alliance Cloud’s functionality, which is more accurately defined as a hosted messaging and connectivity platform. This option lacks specificity about the deployment model.

• Option B: Alliance Cloud is a cloud-based solution. It is offered by the 3 official public cloud providers. This allows customers the choice to select their preferred cloud provider

This is incorrect. Alliance Cloud is a SWIFT-managed service deployed on specific public cloud providers approved by SWIFT, not a solution where customers can choose any of the "3 official public cloud providers." SWIFT partners with select providers (e.g., AWS, Microsoft Azure, Google Cloud) but controls the deployment and configuration, limiting customer choice to SWIFT-approved instances.

• Option C: Alliance Cloud is a cloud-based solution. It is offered by any public cloud provider that subscribed to the digital connectivity initiative

This is incorrect. Alliance Cloud is not available on any public cloud provider that subscribes to a "digital connectivity initiative." It is hosted exclusively on SWIFT-approved public cloud providers, ensuring compliance with SWIFT’s security and operational standards. The term "digital connectivity initiative" is not a recognized framework in SWIFT documentation for Alliance Cloud.

• Option D: Alliance Cloud is a SWIFT cloud-based solution. It consists of an Alliance Access instance deployed at one of the three SWIFT-approved public cloud providers

This is correct. Alliance Cloud is a SWIFT-managed cloud solution that includes a hosted Alliance Access instance (a messaging interface) deployed on one of the three SWIFT-approved public cloud providers (e.g., AWS, Microsoft Azure, Google Cloud). This setup provides a fully managed environment for SWIFT connectivity, reducing the user’s local infrastructure needs. The CSCF applies to this cloud deployment, with SWIFT managing many security controls (e.g., "1.1 SWIFT Environment Protection"). SWIFT documentation confirms this model, emphasizing the use of approved providers.

Summary of Correct Answer:

The correct statement is D, accurately describing Alliance Cloud as a SWIFT-managed solution with an Alliance Access instance on SWIFT-approved public cloud providers.

References to SWIFT Customer Security Programme Documents:

• SWIFT Customer Security Controls Framework (CSCF) v2024: Supports cloud deployments on approved providers (Control 1.1).

• SWIFT Alliance Cloud Documentation: Details the deployment on SWIFT-approved public cloud providers with Alliance Access.

• SWIFT Cloud Partnership Guidelines: Lists approved providers like AWS, Azure, and Google Cloud.

========

This question addresses the implementation requirements for CSCF security controls.

Step 1: Understand CSCF Compliance

The CSCF v2024 emphasizes achieving control objectives and mitigating risk drivers for in-scope components, allowing flexibility in implementation, as per Control Objectives Overview .

Step 2: Evaluate Each Option

A. A solution that maps the implementation guidelines described for a controls in scope components While implementation guidelines exist, strict adherence is not mandatory. The CSCF v2024 allows custom solutions if they meet objectives. Conclusion : Incorrect.

B. A solution that meets the control objectives and addresses the risk drivers for the in scope components The CSCF v2024 and Swift CSP FAQ require solutions to align with control objectives (e.g., security, detection) and mitigate identified risks, offering flexibility in approach. Conclusion : Correct.

Step 3: Conclusion and Verification

The correct answer is B , as the CSCF v2024 prioritizes meeting objectives and addressing risks over rigid guideline mapping.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Section: Control Objectives.

Swift CSP FAQ , Section: Implementation Flexibility.

This question examines the timing of a CSP assessment relative to the activation of a new CSCF version, a key aspect of compliance under the Swift Customer Security Programme.

Step 1: Understand CSP Assessment Timing

The Swift Customer Security Controls Framework (CSCF) requires users to perform an independent assessment annually or as mandated, based on the active version of the CSCF at the time of attestation. The Independent Assessment Framework and Swift CSP Compliance Guidelines provide rules on version applicability and assessment scheduling.

Step 2: Analyze the Scenario

The scenario states that the Swift user wants to perform their CSP assessment in May for a CSCF version that will become active in July of the same year. We need to determine if this is permissible.

Step 3: Evaluate Against Swift CSP Guidelines

The CSCF v2024 and Swift CSP FAQ allow users to prepare for upcoming CSCF versions before their activation date. Swift releases new versions with advance notice (typically 6-12 months), and users are encouraged to align their compliance efforts with the upcoming version to ensure readiness.

The Independent Assessment Framework specifies that assessments must be based on the CSCF version in effect at the time of attestation (e.g., submission to Swift). However, users can conduct preparatory assessments or self-assessments on a future version before its activation date to plan and implement necessary changes. The official attestation must still align with the active version, but early assessment is not prohibited.

For example, if the assessment in May is a preparatory exercise (e.g., a pre-assessment or gap analysis) for the July version, it is allowed. The final attestation would then be submitted once the version is active (e.g., in July or later), ensuring compliance with the active framework.

Step 4: Conclusion and Verification

The answer is B , as the CSCF v2024 and Independent Assessment Framework permit users to start assessments on a particular version before its activation date for planning purposes, provided the official attestation aligns with the active version at the time of submission.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Section: Assessment Timing.

Swift Independent Assessment Framework , Section: Version Applicability.

Swift CSP FAQ , Section: Assessment Scheduling and Version Updates.

The "Outsourcing Agents - Security Requirements Baseline v2025" and "Independent Assessment Framework" address reliance on outsourcing agents’ assessments. Let’s evaluate each option:

• Option A: Yes, after confirmation and validation of the scope

This is correct. The SWIFT user can rely on the outsourcing agent’s independent assessment report if it covers the relevant CSP components and uses the latest CSCF version. However, the user’s assessor must confirm and validate the scope and findings to ensure alignment with the user’s attestation, as per the "Independent Assessment Process for Assessors Guidelines."

• Option B: Yes, only if the outsourcing agent is a global trusted provider and published the report on their compliance portal

This is incorrect. The CSP does not require the outsourcing agent to be a "global trusted provider" or publish the report publicly; validation by the user’s assessor is sufficient.

• Option C: No, an audit report (and not an assessment) is required from the outsourcing agent as an external provider

This is incorrect. An independent assessment report is acceptable, not necessarily an audit report, as long as it meets CSCF standards, per the "Outsourcing Agents - Security Requirements Baseline v2025."

• Option D: No, except if the cloud provider components are partially covered by the SWIFT Alliance Connect Virtual programme

This is incorrect. The Alliance Connect Virtual programme’s coverage is irrelevant; the key is the report’s validity and scope validation.

Summary of Correct Answer:

The report is sufficient after confirmation and validation of the scope (A).

References to SWIFT Customer Security Programme Documents:

• Outsourcing Agents - Security Requirements Baseline v2025: Allows reliance on agent assessments.

• Independent Assessment Process for Assessors Guidelines: Requires scope validation.

• Swift_CSP_Assessment_Report_Template: Supports integrated reporting.

========

Alliance Access (SAA) is a SWIFT product used by financial institutions to manage the creation, processing, and transmission of SWIFT messages. In the context of the SWIFT Customer Security Programme (CSP), we need to classify its role within the SWIFT architecture:

• Option A: A Messaging Interface

This is correct. Alliance Access is classified as a messaging interface in SWIFT terminology. It allows users to create, validate, and send SWIFT messages (e.g., FIN MT messages like MT103 for payments) and receive incoming messages. It interfaces with the institution’s back-office systems and connects to the SWIFT network via a communication interface like Alliance Gateway (SAG). The CSCF categorizes components like Alliance Access as messaging interfaces, as they handle the business logic of message processing, and applies specific controls (e.g., "2.1 Internal Data Transmission Security") to secure these interfaces.

• Option B: A Communication Interface

This is incorrect. A communication interface in SWIFT terminology refers to components like Alliance Gateway (SAG), which manage the network-level connectivity to SWIFTNet via SwiftNet Link (SNL). Alliance Access does not handle network connectivity directly; it relies on SAG for this purpose. Alliance Access focuses on message creation and processing, not communication with the SWIFT network.

• Option C: A SWIFT Connector

This is incorrect. The term "SWIFT Connector" is not a standard classification in the CSP or SWIFT documentation. It might refer to integration tools like the SWIFT Integration Layer (SIL) used in cloud deployments, but Alliance Access does not fit this category. Alliance Access is a full-fledged messaging interface, not a connector.

• Option D: A Secure Server

This is incorrect. While Alliance Access operates on a server and must be secured as per CSCF controls (e.g., "2.3 System Hardening"), it is not classified as a "secure server." This term is too vague and does not reflect Alliance Access’s specific role as a messaging interface.

Summary of Correct Answer:

Alliance Access is a messaging interface (A), responsible for creating, processing, and managing SWIFT messages within the CSP framework.

References to SWIFT Customer Security Programme Documents:

• SWIFT Customer Security Controls Framework (CSCF) v2024: Classifies Alliance Access as a messaging interface (Control 2.1).

• SWIFT Alliance Access Documentation: Describes its role in message creation and processing.

• SWIFT Architecture Glossary: Distinguishes messaging interfaces (e.g., Alliance Access) from communication interfaces (e.g., Alliance Gateway).

========

Bridging servers facilitate data exchange between the back-office systems (e.g., Treasury Management Systems) and the SWIFT infrastructure (e.g., Alliance Access or Gateway). The CSCF scope includes components that handle SWIFT-related data or connectivity. Let’s evaluate:

• The "Swift Customer Security Controls Framework v2025" defines the secure zone and includes internal data transmission components. Bridging servers, as part of the data flow between back-office and SWIFT infrastructure, are considered in scope, particularly under Control "2.1 Internal Data Transmission Security" (mandatory) and related advisory controls (e.g., 2.3 System Hardening).

• The "CSP Architecture Type - Decision tree" includes such servers when they are part of the SWIFT environment, even if some controls are advisory depending on the architecture (e.g., A1 or A2).

• The "Assessment template for Advisory controls" applies to bridging servers for non-mandatory measures, while mandatory controls ensure secure data exchange.

Summary of Correct Answer:

Bridging servers are in scope of CSCF security controls, with some being advisory (TRUE).

References to SWIFT Customer Security Programme Documents:

• Swift Customer Security Controls Framework v2025: Control 2.1 includes bridging servers.

• CSP_controls_matrix_and_high_test_plan_2025: Lists applicable controls.

• Assessment template for Advisory controls: Applies to bridging servers.

========

This question concerns the deliverables following a CSP assessment, specifically whether a completion letter is mandated alongside a detailed assessment report.

Step 1: Understand CSP Assessment Deliverables

The Swift Customer Security Programme (CSP) requires an independent assessment to validate compliance with the Customer Security Controls Framework (CSCF) v2024 . The Independent Assessment Framework outlines the process and deliverables, including the submission of assessment reports and related documentation to Swift.

Step 2: Analyze the Requirement for a Completion Letter

The Independent Assessment Framework mandates that, following an assessment, the assessor provides a detailed report to the Swift user, documenting the findings, control effectiveness, and any remediation actions.

Additionally, Swift requires a completion letter to confirm that the assessment has been conducted in accordance with CSP guidelines. This letter, typically signed by the assessor or the user’s authorized representative, certifies the completion of the assessment and is submitted to Swift as part of the attestation process. This is detailed in the Swift CSP Compliance Guidelines and the Independent Assessment Framework , which specify that both the report and the completion letter are required for formal submission.

The completion letter serves as an official acknowledgment that the assessment meets Swift’s quality and procedural standards, complementing the detailed report.

Step 3: Conclusion and Verification

The answer is A , as the CSCF v2024 and Independent Assessment Framework mandate that a completion letter must be supplied alongside the detailed assessment report to fulfill Swift’s compliance requirements.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Section: Independent Assessment Requirements.

Swift Independent Assessment Framework , Section: Deliverables and Attestation.

Swift CSP Compliance Guidelines , Section: Assessment Submission Process.

This question determines which components in the outsourcing agent diagram are in scope and applicable for the Swift user under the Swift Customer Security Controls Framework (CSCF) v2024 .

Step 1: Understand CSCF Scope and the Diagram

The CSCF v2024 defines the scope as systems directly involved in Swift messaging, connectivity, or security within the user’s control or responsibility, including those managed by outsourcing agents. The diagram includes:

A. Middleware server (customer connector) : Part of the Swift user’s environment.

B. General-purpose PC Operator GUI : An operator system in the user’s environment.

C. Swift-related OAA : The messaging interface in the outsourcing agent’s environment.

D. Customer connector : A connector in the outsourcing agent’s environment interfacing with the next service provider.

E. Dedicated PC Admin users : Administrative systems in the outsourcing agent’s environment.

The Independent Assessment Framework holds the Swift user accountable for in-scope components, even when outsourced, per Control 1.1: Swift Environment Protection .

Step 2: Analyze Component Applicability

A. Middleware server (customer connector) : Located in the Swift user’s environment, this connects to the outsourcing agent. While it facilitates Swift traffic, it is typically considered part of the user’s local infrastructure and not directly in the outsourcing agent’s scope for user responsibility, unless explicitly outsourced. The CSCF v2024 scope focuses on Swift-related systems managed by the outsourcing agent when the user relies on them.

B. General-purpose PC Operator GUI : This is a user-side operator system, not a core Swift component. Per Control 1.2: Logical Access Control , it is out of the secure zone and not in scope for the outsourcing agent’s responsibility.

C. Swift-related OAA : This is the messaging interface (e.g., Alliance Access) managed by the outsourcing agent. It is in scope for the Swift user, as they are responsible for its security and compliance, per Control 1.1 .

D. Customer connector : This connector, within the outsourcing agent’s environment, interfaces with the next service provider (e.g., SB, L2BA). It is in scope, as the user must ensure its security under Control 1.1 .

E. Dedicated PC Admin users : These administrative systems, managed by the outsourcing agent, are in scope because they control Swift-related components, per Control 1.2 .

Step 3: Match with Options

A. Components A, B, C, D and E : Includes A and B, which are not in scope for the outsourcing agent’s responsibility under the user’s purview.

B. Components A and B : Only includes user-side components, not the outsourcing agent’s in-scope systems.

C. Components C, D and E : Includes the outsourcing agent’s Swift-related OAA, customer connector, and admin PCs, which are in scope for the user’s compliance responsibility.

D. None of the above : Incorrect, as C, D, and E are applicable.

Step 4: Conclusion and Verification

The correct answer is C , as Components C, D, and E, managed by the outsourcing agent, are in scope and applicable for the Swift user’s compliance under the CSCF v2024 .

References

Swift Customer Security Controls Framework (CSCF) v2024 , Control 1.1: Swift Environment Protection, Control 1.2: Logical Access Control.

Swift Independent Assessment Framework , Section: Outsourcing Scope.

Swift Outsourcing Guidelines , Section: User Responsibility.

This question assesses whether a short interview with the HR manager providing one example of security training implementation is acceptable for a small infrastructure with only two operators, under the Swift Customer Security Programme (CSP).

Step 1: Understand Security Training Requirements

The Swift Customer Security Controls Framework (CSCF) v2024 , under Control 5.1: Security Training and Awareness , mandates that all personnel with access to Swift-related systems (including operators) receive regular, documented security training. This includes awareness of security policies, procedures, and incident response. The control applies regardless of the size of the infrastructure.

Step 2: Analyze the Scenario

The entity has a small infrastructure with two operators, and the HR manager provides a short interview with one example of security training implementation.

The Independent Assessment Framework requires assessors to validate the effectiveness of controls, including evidence of training completion, content, frequency, and attendance records. A risk-based approach allows flexibility, but minimum evidence standards must still be met.

Step 3: Evaluate Against CSCF Guidelines

Control 5.1 specifies that training must be documented, with evidence such as training logs, attendance records, or certification. A single interview with one example does not provide sufficient evidence to demonstrate:

That all operators (both in this case) have been trained.

The frequency and comprehensiveness of the training program.

The effectiveness of the training (e.g., understanding and application).

The Swift CSP FAQ and Security Best Practices note that even for small entities, assessors must see multiple pieces of evidence (e.g., training schedules, materials, test results) to confirm compliance, especially during an independent assessment.

A risk-based testing approach (mentioned in option A) allows tailoring the depth of evidence based on risk, but it does not exempt small entities from providing more than a single anecdotal example. The Independent Assessment Framework requires objective evidence, not just verbal assurances.

Step 4: Conclusion and Verification

The answer is B , as a short interview with one example is insufficient to meet the evidence requirements of Control 5.1 in the CSCF v2024 . More evidence (e.g., training records, attendance logs, or test results) is required to validate compliance, even for a small infrastructure.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Control 5.1: Security Training and Awareness.

Swift Independent Assessment Framework , Section: Evidence Requirements.

Swift Security Best Practices , Section: Training Documentation.

Swift CSP FAQ , Section: Small Entity Compliance.

The CSCF, under Control "6.1 Security Awareness" and related security controls, mandates the definition and implementation of a Password/PIN Policy for components requiring user authentication to protect the SWIFT environment. Let’s evaluate each option:

• Option A: Operator PCs, (physical or virtual) systems running SWIFT-related components, network devices protecting the secure zone(s), bridging servers

This requires a Password/PIN Policy. Operator PCs, systems running SWIFT components (e.g., Alliance Access), network devices (e.g., VPN boxes), and bridging servers need authentication policies to secure access, as per CSCF Control "2.3 System Hardening" and "6.1."

• Option B: Jump server(s), SWIFT-related components at application level

This requires a Password/PIN Policy. Jump servers and application-level components (e.g., Alliance Gateway) must have authentication mechanisms to protect the secure zone, aligning with CSCF Control "1.1 SWIFT Environment Protection."

• Option C: Personal tokens or mobile devices used as a possession factor

This does not require a Password/PIN Policy. Personal tokens or mobile devices (e.g., secure code cards or soft tokens) are possession factors used in multi-factor authentication (MFA), typically alongside a password or PIN. However, the CSCF does not mandate defining a Password/PIN Policy for the tokens/devices themselves, as their security relies on physical possession and manufacturer hardening, not user-defined policies. The "Outsourcing Agents - Security Requirements Baseline v2025" supports this by focusing policy requirements on systems, not possession factors.

• Option D: All equipment within the user environment

This requires a Password/PIN Policy. The CSCF applies policies to all in-scope equipment to ensure comprehensive security, contradicting the question’s intent to identify an exception.

Summary of Correct Answer:

A Password/PIN Policy must not be defined and implemented for personal tokens or mobile devices used as a possession factor (C).

References to SWIFT Customer Security Programme Documents:

• Swift Customer Security Controls Framework v2025: Control 6.1 and 2.3 mandate password policies for systems.

• Outsourcing Agents - Security Requirements Baseline v2025: Excludes possession factors from policy requirements.

• Assessment template for Mandatory controls: Focuses on system authentication policies.

========

This question requires identifying the component types of the numbered components (1, 2, 3, and 4) in the provided diagram, which illustrates a Swift infrastructure with Architecture Type A4 (user environment) and Architecture Type A1 (group hub). The classification is based on the Swift Customer Security Controls Framework (CSCF) v2024 and related architecture definitions.

Step 1: Understand the Diagram and Component Types

The diagram shows two environments:

Architecture Type A4 : The user’s local environment with back-office systems using middleware clients and servers.

Architecture Type A1 : A group hub hosting Swift components like Alliance Access, Alliance Gateway, and HSM/PKI, connecting to the Swift network.

Component Types :

Customer Connector : A system or server that facilitates connectivity between the user’s environment and the Swift infrastructure (e.g., middleware servers interfacing with the group hub).

Bridging Server (Middleware Server) : A server that bridges data flows between back-office systems and the Swift messaging environment, often handling message queuing or transformation.

Step 2: Analyze Each Numbered Component

Component 1 (Middleware Server connected to Back Office 1) : This server is part of the A4 architecture, interfacing the back-office middleware client with the group hub (A1). It acts as a connector, facilitating data exchange to the MQHA (Message Queue High Availability) server in the group hub. Per the CSCF v2024 and Swift Architecture Types Explained , this is a Customer Connector .

Component 2 (MQHA Middleware Server in the Group Hub) : This server is within the A1 group hub, bridging the user’s data (via the customer connector) to the Alliance Access and Gateway. It handles message queuing and acts as a Bridging Server (Middleware Server) , as defined in the Swift Alliance Gateway Technical Documentation .

Component 3 (Middleware Server connected to Back Office 2) : Similar to Component 1, this server connects the second back-office middleware client to the MQHA server in the group hub, functioning as a Customer Connector .

Component 4 (MQ Middleware Server connected to MQHA) : This server within the A1 group hub supports the MQHA, bridging data flows to the Swift messaging components (Alliance Access/Gateway). It is a Bridging Server (Middleware Server) , consistent with the CSCF v2024 definitions.

Step 3: Match with Options

A. 1. Customer Connector, 2. Bridging Server (Middleware Server), 3. Customer Connector, 4. Bridging Server (Middleware Server) : Matches the analysis above.

B. 1. Customer Connector, 2. Bridging Server (Middleware Server), 3. Customer Connector, 4. Customer Connector : Incorrect, as Component 4 is a bridging server, not a customer connector.

C. 1. Bridging Server (Middleware Server), 2. Bridging Server (Middleware Server), 3. Bridging Server (Middleware Server), 4. Bridging Server (Middleware Server) : Incorrect, as Components 1 and 3 are customer connectors, not bridging servers.

D. 1. Customer Connector, 2. Customer Connector, 3. Customer Connector, 4. Customer Connector : Incorrect, as Components 2 and 4 are bridging servers.

Step 4: Conclusion and Verification

The correct answer is A , as it accurately identifies the component types based on their roles in the A4 and A1 architectures, consistent with CSCF v2024 and Swift Architecture Types Explained .

References

Swift Customer Security Controls Framework (CSCF) v2024 , Control 1.1: Swift Environment Protection.

Swift Architecture Types Explained , Section: Component Roles.

Swift Alliance Gateway Technical Documentation , Section: Middleware and Connectors.

This question identifies the supporting documents for a CSP assessment under the Swift Customer Security Programme (CSP) .

Step 1: Understand Assessment Documentation

The Independent Assessment Framework and CSCF v2024 specify the documents assessors must use to evaluate compliance with CSCF controls.

Step 2: Evaluate Each Option

A. The CSP User Handbook The Swift CSP User Handbook provides guidance on CSP requirements, processes, and best practices, making it a key supporting document for assessors. Conclusion : Correct.

B. The mapping to industry standards article While useful for context, this article is not a primary document for conducting assessments. The CSCF v2024 focuses on its own controls, not industry mappings, which are advisory. Conclusion : Incorrect.

C. The Controls Matrix and High Level Test Plan The Controls Matrix (part of the CSCF) maps controls to components, and the High Level Test Plan outlines assessment procedures. Both are essential for structuring and executing the assessment, per the Independent Assessment Framework . Conclusion : Correct.

D. The Customer Security Controls Framework The CSCF v2024 is the foundational document defining controls and requirements, mandatory for all assessments. Conclusion : Correct.

Step 3: Conclusion and Verification

The correct answers are A, C, and D , as these documents are explicitly referenced in the CSCF v2024 and Independent Assessment Framework for conducting CSP assessments.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Section: Assessment Guidance.

Swift Independent Assessment Framework , Section: Supporting Documents.

Swift CSP User Handbook , Section: Assessment Process.

This question pertains to Control 7.3 – Physical Security in the CSCF:

Step 1: Control 7.3 Overview

Control 7.3 focuses on “physically securing SWIFT-related systems and components” (e.g., servers, HSMs) within the user’s premises to prevent unauthorized access, tampering, or theft.

The Swift Alliance Gateway is a critical component in the Swift ecosystem, designed to facilitate secure messaging and connectivity. Let’s evaluate each option based on the Swift Customer Security Controls Framework (CSCF) v2024 and related documentation.

Step 1: Understand the Role of Swift Alliance Gateway

The Swift Alliance Gateway (SAG) is a software component that serves as a centralized entry point for SwiftNet messaging services. It handles traffic concentration, security, and connectivity management. This is detailed in the Swift Alliance Gateway User Guide and referenced in the CSCF v2024 under Control 1.1: Swift Environment Protection .

Step 2: Evaluate Each Option

A. It acts as the single window to SwiftNet messaging services by concentrating your traffic flows The SAG is designed to consolidate and manage all SwiftNet traffic from a user’s environment, acting as a single point of access to SwiftNet services. This is a primary function, as confirmed in the Swift Alliance Gateway Technical Documentation and aligns with Control 1.1 , which emphasizes secure traffic management. Conclusion : This statement is correct.

B. It allows sharing of PKI profiles between application or individuals, through the use of virtual profiles The SAG supports the use of virtual PKI profiles to enable secure sharing of cryptographic identities across applications or users within the Swift environment. This feature enhances flexibility while maintaining security, as noted in the Swift Security Best Practices and Control 2.5B: Cryptographic Key Management . Conclusion : This statement is correct.

C. It allows the creation and/or modification of some Swift messages (depending on the types & /or formats) The SAG is a gateway for message routing and security, not a tool for creating or modifying Swift messages. Message creation and modification are handled by applications like Alliance Access or Entry, not the Gateway. This is clarified in the Swift Alliance Gateway User Guide , which specifies its role as a connectivity and security layer. Conclusion : This statement is incorrect.

D. The Alliance Gateway can only be accessed by a SWIFTNet user The SAG is accessed by authorized systems and users within the Swift user’s environment, not exclusively by SwiftNet users. It interfaces with operator systems, middleware, and other components, as per Control 1.2: Logical Access Control , which allows controlled access by authorized entities, not just SwiftNet users. Conclusion : This statement is incorrect.

Step 3: Conclusion and Verification

The verified statements are A and B , as they accurately reflect the SAG’s role in traffic concentration and PKI profile management, consistent with Swift CSP documentation.

References

Swift Alliance Gateway User Guide , Section: Functionality Overview.

Swift Customer Security Controls Framework (CSCF) v2024 , Control 1.1: Swift Environment Protection, Control 2.5B: Cryptographic Key Management.

Swift Security Best Practices , Section: Alliance Gateway Configuration.

The "Swift Customer Security Controls Policy" and "Independent Assessment Framework" outline the consequences of non-compliance with the CSP. Let’s evaluate each option:

• Option A: To be reported to their supervisors (if applicable)

This does not apply. Non-compliance is managed by SWIFT, not internal reporting to supervisors, unless specified by the user’s internal governance (not a CSP requirement).

• Option B: To be seen as non-compliant to their counterparts in KYC-SA

This applies. Non-compliance is reflected in the KYC-SA portal, where counterparties can view the user’s status, impacting trust and business relationships, as per the "Independent Assessment Framework."

• Option C: To be contacted by SWIFT to provide the CSP assessment report and detailed information about the reason of non-compliance

This applies. SWIFT engages with non-compliant users, requesting assessment reports and remediation plans, as outlined in the "Swift_CSP_Assessment_Report_Template" and "Independent Assessment Process for Assessors Guidelines."

• Option D: To be delisted from the BIC directory

This does not apply. Delisting is an extreme measure not automatically triggered by non-compliance; it requires persistent failure to remediate after engagement, which is not guaranteed.

Summary of Correct Answers:

Possible impacts include being seen as non-compliant in KYC-SA (B) and being contacted by SWIFT for reports (C).

References to SWIFT Customer Security Programme Documents:

• Independent Assessment Framework: Details non-compliance impacts.

• Swift_CSP_Assessment_Report_Template: Supports SWIFT follow-up.

• CSP_controls_matrix_and_high_test_plan_2025: Reflects KYC-SA visibility.

========

Application Hardening is a key concept within the Swift Customer Security Controls Framework (CSCF) , specifically addressed under security controls related to protecting systems and reducing vulnerabilities. The CSCF outlines principles to secure applications by minimizing risks, particularly in the context of Swift-related systems. Let’s break down the options and verify them against Swift CSP guidelines.

Step 1: Understand Application Hardening in the Context of Swift CSP

Application Hardening refers to the process of securing an application by reducing its attack surface, limiting access, and mitigating potential vulnerabilities. This aligns with Swift CSP’s overarching goal of enhancing the security of the Swift user community, as outlined in the CSCF v2024 (and prior versions like CSCF v2023). Relevant controls fall under domains like Control Objective 2: Protect Critical Systems and Control Objective 6: Detect Anomalous Activity .

Step 2: Evaluate Each Option Against Swift CSP Principles

A. Least Privileges The principle of least privilege is a core tenet of application hardening. It ensures that applications (and users) only have the minimum permissions necessary to perform their functions, reducing the risk of misuse or exploitation. This is explicitly referenced in the CSCF v2024 , under Control 2.1: Operating System Privileged Account Control , which emphasizes restricting privileges to the minimum required. Application Hardening extends this to software processes, ensuring they run with minimal rights. Conclusion : This applies.

B. Access on a need to have This principle, often phrased as “need-to-know” or “need-to-have” in security contexts, ensures that access to applications or their components is granted only to entities that require it for their role. In the Swift CSP, this aligns with Control 2.3: System Access Control , which mandates that access to Swift-related systems (including applications) is restricted to authorized users or processes. Application Hardening incorporates this by ensuring that applications only expose interfaces or resources to authorized entities. Conclusion : This applies.

C. Reduced footprint for less potential vulnerabilities Reducing the attack surface (or “footprint”) of an application is a fundamental hardening technique. This involves disabling unnecessary features, services, or modules that could be exploited. The CSCF v2024 addresses this under Control 2.5A: Application Hardening , which explicitly requires users to minimize the attack surface of Swift-related applications by removing unused components and limiting exposed services. This directly correlates with reducing potential vulnerabilities. Conclusion : This applies.

D. Enhanced Straight Through Processing (STP) Straight Through Processing refers to the automated, end-to-end processing of transactions without manual intervention, a concept often associated with operational efficiency in financial systems. While STP is relevant to Swift’s messaging and transaction workflows, it is not a principle of Application Hardening. The CSCF does not link STP to security hardening practices, which focus on reducing vulnerabilities rather than optimizing transaction flows. Conclusion : This does not apply.

Step 3: Conclusion and Verification

Application Hardening, as per the Swift Customer Security Controls Framework (CSCF) , focuses on security principles that minimize risks to applications. The verified principles are Least Privileges (A) , Access on a need to have (B) , and Reduced footprint for less potential vulnerabilities (C) . These align with Swift CSP’s emphasis on securing critical systems and reducing attack surfaces.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Control 2.5A: Application Hardening.

Swift Customer Security Programme – Security Best Practices , Section: Application Security.

CSCF v2024 , Control 2.1: Operating System Privileged Account Control, and Control 2.3: System Access Control.

The "Independent Assessment Process for Assessors Guidelines" governs the conduct of CSP assessments, including location and method. Let’s evaluate each option:

• Option A: Remote assessments are not permitted under any circumstances

This is incorrect. The CSP allows remote assessments under specific conditions, as clarified in the guidelines, not an absolute prohibition.

• Option B: This is permitted provided the same level of comfort can be guaranteed

This is incorrect. While ensuring equivalent assurance is important, the CSP requires formal validation for remote assessments, not just assessor discretion.

• Option C: It is possible to perform an assessment remotely only with valid reasons. These reasons must be formally validated by SWIFT CSP office

This is correct. The "Independent Assessment Process for Assessors Guidelines" permits remote assessments when justified (e.g., geographical distance, logistical challenges), but such arrangements must be approved by the SWIFT CSP office to ensure compliance and security. This aligns with the "Independent Assessment Framework" emphasis on maintaining assessment integrity.

• Option D: It is not allowed to conduct an assessment remotely under any circumstances. However, force majeure circumstances like the global pandemic are an exception to this

This is incorrect. The CSP does not categorically ban remote assessments; it allows them with prior validation, not just as exceptions for force majeure.

Summary of Correct Answer:

Remote assessments are permitted with valid reasons and formal validation by the SWIFT CSP office (C).

References to SWIFT Customer Security Programme Documents:

• Independent Assessment Process for Assessors Guidelines: Allows remote assessments with approval.

• Independent Assessment Framework: Ensures assessment integrity.

• CSP_controls_matrix_and_high_test_plan_2025: Supports validated remote methods.

========

This question addresses the type of control effectiveness that must be validated during an independent assessment under the Swift Customer Security Programme (CSP). Let’s analyze this based on the Swift Customer Security Controls Framework (CSCF) and related guidelines.

Step 1: Understand Independent Assessments in Swift CSP

The Swift CSP mandates that users undergo an independent assessment to validate their compliance with the CSCF controls. This requirement is detailed in the CSCF v2024 , under the Independent Assessment Framework . The purpose of the assessment is to ensure that controls are not only designed appropriately but also implemented and operating effectively.

Step 2: Evaluate Each Option

A. Effectiveness is never validated only the control design This statement is incorrect. The Independent Assessment Framework explicitly requires validation of both the design and the operational effectiveness of controls. Assessing only the design without confirming that the control is working as intended does not meet Swift’s compliance requirements. Conclusion : This is incorrect.

B. An independent assessment is a point in time review with possible reviews of older evidence as appropriate While this statement is factually true (an independent assessment is indeed a point-in-time review, as per the CSCF v2024 ), it does not directly answer the question about what type of control effectiveness needs to be validated. It describes the nature of the assessment, not the focus of validation. Conclusion : This does not address the question directly.

C. Operational effectiveness needs to be validated The Independent Assessment Framework specifies that an independent assessment must validate both the design and the operational effectiveness of CSCF controls. Operational effectiveness ensures that controls are functioning as intended over a period of time, not just designed correctly on paper. This includes testing controls (e.g., logging, access controls) to confirm they are working in practice, as required for attestation. Conclusion : This is correct.

D. None of the above Since option C is correct, this option is not applicable. Conclusion : This is incorrect.

Step 3: Conclusion and Verification

The correct answer is C , as the CSCF v2024 and Independent Assessment Framework require validation of the operational effectiveness of controls during an independent assessment, ensuring that controls are not only designed but also implemented and functioning effectively.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Section: Independent Assessment Requirements.

Swift Independent Assessment Framework , Section: Assessment Scope and Objectives.

Swift CSP FAQ , Section: Independent Assessment Guidelines.

The "Independent Assessment Framework" and "Independent Assessment Process for Assessors Guidelines" require that the CSP assessment be conducted by an independent, certified assessor, with the resulting "CSCF Assessment Completion Letter" being a key deliverable. Let’s evaluate each option:

• Option A: The Internal audit lead assessor and the external company lead assessor

This is incorrect. The CSP prohibits reliance on internal audits for the completion letter due to the independence requirement. Only the external assessor’s letter is valid, as per the "Independent Assessment Framework."

• Option B: The Internal audit lead assessor only

This is incorrect. Internal audits lack the independence needed to issue the completion letter, which must come from an external assessor.

• Option C: The External company lead assessor only

This is correct. The "Independent Assessment Process for Assessors Guidelines" mandates that the completion letter be provided by the lead assessor from the external assessment company, as they are the independent entity conducting the assessment. The internal audit’s involvement is supplementary and cannot replace the external assessor’s responsibility.

• Option D: None of them, it is not required when an internal department was involved in the assessment

This is incorrect. A completion letter is always required, and internal involvement does not waive this requirement; it must be issued by the external assessor.

Summary of Correct Answer:

Only the external company lead assessor needs to provide the completion letter (C).

References to SWIFT Customer Security Programme Documents:

• Independent Assessment Framework: Requires an independent assessor’s completion letter.

• Independent Assessment Process for Assessors Guidelines: Specifies external assessor responsibility.

• CSCF Assessment Completion Letter: Issued by the external assessor.

========

The SWIFT CSP Assessor certification program, governed by the "Independent Assessment Process for Assessors Guidelines" and related documents, requires assessors to maintain relevant professional qualifications. Let’s evaluate:

• Option A: No, a valid external cybersecurity certification is mandatory to keep the CSP Certified Assessor certification

This is correct. The SWIFT CSP Assessor certification requires assessors to hold a valid external cybersecurity certification (e.g., CISA, CISSP) as a prerequisite for initial certification and ongoing eligibility. The "Independent Assessment Process for Assessors Guidelines" specifies that expiration of this certification invalidates the CSP Assessor status until renewed, ensuring assessors maintain current expertise.

• Option B: Yes, if the SWIFT CSP Assessor certification is still valid

This is incorrect. The validity of the CSP Assessor certification is contingent on maintaining an active external cybersecurity certification. The "Independent Assessment Framework" and "Assessment template for Mandatory controls" emphasize this dual requirement to uphold assessment quality.

Summary of Correct Answer:

A valid external cybersecurity certification is mandatory; an expired certification disqualifies the assessor (A).

References to SWIFT Customer Security Programme Documents:

• Independent Assessment Process for Assessors Guidelines: Requires active external certification.

• Independent Assessment Framework: Links assessor eligibility to professional credentials.

• CSP_controls_matrix_and_high_test_plan_2025: Validates assessor qualifications.

========

The SWIFT CSP defines architecture types (A1 to A4) based on the components a user owns and manages, as outlined in the "CSP Architecture Type - Decision tree" and "Swift Customer Security Controls Framework v2025." These types determine the applicable security controls and assessment requirements. Let’s analyze the scenario:

• A local communication interface refers to a component like Alliance Gateway (SAG), which manages connectivity to the SWIFT network via SwiftNet Link (SNL) and VPN boxes. The user owns this interface locally as their main channel.

• A connector (or customer connector) is a custom application or integration layer that connects to SWIFT services, often used as an alternative or backup channel. In this case, it serves as a contingency backup.

• The architecture types are:

o A1: Full stack (owns messaging interface, communication interface, and network components, e.g., Alliance Access, Alliance Gateway, VPN boxes).

o A2: Owns a customer connector and communication interface, with the messaging interface hosted elsewhere (e.g., by a service bureau or SWIFT).

o A3: Owns only a customer connector, relying on external communication and messaging interfaces.

o A4: Uses a fully hosted solution (e.g., Alliance Cloud or Lite2), owning no local components.

• The scenario indicates the user owns a local communication interface (e.g., SAG) as the primary channel and a connector as a backup. However, there is no mention of owning a messaging interface (e.g., Alliance Access) locally. This suggests the messaging interface is likely hosted externally (e.g., by a service bureau or SWIFT), which aligns with the A2 architecture type. The "CSP Architecture Type - Decision tree" classifies A2 as a user with a communication interface and a customer connector, where the messaging interface is not locally owned. The backup connector does not change the primary architecture type, as it is an additional component within the A2 framework.

• Option A: A1

This is incorrect. A1 requires ownership of a messaging interface (e.g., Alliance Access), which is not mentioned.

• Option B: A2

This is correct. A2 fits the scenario of owning a communication interface and a customer connector, with the messaging interface potentially hosted elsewhere.

• Option C: A3

This is incorrect. A3 involves only a customer connector, not a communication interface.

• Option D: A4

This is incorrect. A4 applies to fully hosted solutions with no local ownership of connectors or interfaces.

Summary of Correct Answer:

The SWIFT user with a local communication interface as the main channel and a connector as a backup is of architecture type A2 (B).

References to SWIFT Customer Security Programme Documents:

• Swift Customer Security Controls Framework v2025: Defines architecture types A1-A4.

• CSP Architecture Type - Decision tree: Classifies A2 for communication interface and customer connector ownership.

• Assessment template for Mandatory controls: Applies to A2 architecture.

========

SwiftNet Link (SNL) is the mandatory network interface software that enables connectivity to the SWIFTNet network, providing transport, security, and service management functionalities. The Swift Alliance Gateway (SAG) is a communication interface that consolidates message flows and relies on SNL to connect to SWIFTNet. According to SWIFT documentation, SAG is built on top of SNL, making SNL a prerequisite for SAG operation. This dependency is consistent across on-premises and cloud-based deployments (e.g., Alliance Connect Virtual), where SNL ensures secure communication over the SWIFT Secure IP Network (SIPN). The CSCF Control "1.1 SWIFT Environment Protection" underscores the need for secure connectivity components like SNL. There are no documented scenarios where SAG can operate without SNL, confirming the statement is true.

References to SWIFT Customer Security Programme Documents:

• SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.1 mandates secure connectivity components like SNL.

• SWIFT Alliance Gateway Documentation: SAG requires SNL for SWIFTNet connectivity.

• SWIFTNet Link Documentation: SNL is the mandatory interface for all SWIFTNet communications.

========

This question examines whether an internal audit department can submit and approve a Swift user’s attestation on the KYC-SA Swift portal.

Step 1: Understand Attestation Process

The Independent Assessment Framework and CSCF v2024 require attestations to be submitted by an independent party or authorized user representative, not the internal audit department, to ensure objectivity.

Step 2: Evaluate Each Option

A. Yes, providing this is agreed by the head of IT operations and the CISO Internal audit cannot submit or approve attestations, regardless of internal agreements, per the Independent Assessment Framework . Conclusion : Incorrect.

B. No, this is never an option The CSCF v2024 and Swift CSP Compliance Guidelines prohibit internal audit from submitting or approving attestations, as they lack independence from the audited entity. Conclusion : Correct.

C. Yes, an internal auditor can submit the attestation for approval provided they have the appropriate credentials for swift.com. The CISO remains in charge of the approval of the attestation Incorrect. Internal auditors cannot submit or approve, even with credentials, due to independence requirements. Conclusion : Incorrect.

D. Yes, with approval from the Chief auditor Incorrect. Chief auditor approval does not override the independence requirement. Conclusion : Incorrect.

Step 3: Conclusion and Verification

The correct answer is B , as the CSCF v2024 and Independent Assessment Framework prohibit internal audit from submitting or approving attestations.

References

Swift Customer Security Controls Framework (CSCF) v2024 , Section: Independent Assessment.

Swift Independent Assessment Framework , Section: Attestation Submission.

Swift CSP Compliance Guidelines , Section: Independence Requirements.

SWIFT PKI certificates are critical for securing communications and require a formal request process to SWIFT for issuance or renewal. Let’s evaluate each option:

• Option A: Using both online and offline methods

This is correct. SWIFT provides multiple channels for submitting PKI certificate requests to accommodate different customer needs and security requirements. The online method involves submitting requests through the SWIFT Alliance Web Platform or SWIFT’s customer portal, where users can generate and upload certificate signing requests (CSRs). The offline method involves physical submission, such as sending a signed request via secure mail or courier, often used for initial setups or high-security environments. SWIFT documentation confirms both methods are supported, aligning with CSCF Control "1.3 Cryptographic Failover" for secure certificate management.

• Option B: Using an online method

This is incorrect as a standalone answer. While the online method is available and widely used, it is not the only method. Excluding the offline option does not reflect SWIFT’s flexible process.

• Option C: Using an offline method

This is incorrect as a standalone answer. The offline method is an option, but it is not the only method. SWIFT supports both approaches depending on the customer’s infrastructure and security policies.

• Option D: None of the above

This is incorrect. Both online and offline methods are valid, making this option invalid.

Summary of Correct Answer:

PKI certificate requests can be submitted to SWIFT using both online and offline methods (A), providing flexibility and security.

References to SWIFT Customer Security Programme Documents:

• SWIFT Customer Security Controls Framework (CSCF) v2024: Control 1.3 supports secure certificate request processes.

• SWIFT PKI Management Guide: Details online and offline submission methods for certificate requests.

• SWIFT Alliance Documentation: Confirms dual submission channels for PKI certificates.

This question relates to the objective of Control 1.1 – SWIFT Environment Protection in the CSCF:

Step 1: Control 1.1 Overview

Control 1.1 aims to “restrict access to the SWIFT infrastructure by segregating it from the general IT environment and external threats,” protecting against unauthorized access and malware.