Sectona Logo
  • Platform

    Sectona Security Platform

    Sectona Security Platform Thumbnail
    Explore Platform

    Products

    Privileged Access Management Icon

    Privileged Access Management
    Manage Passwords, Secrets & Monitor Sessions

    Endpoint Privilege Management Icon

    Endpoint Privilege Management
    Control and Secure Administrators Credentials

    Privileged Access Governance Icon

    Privileged Access Governance
    Govern Privileged Entitlement

    Platform Capabilities

    Continuous Discovery Icon

    Continuous Discovery

    Password Management Icon

    Password Management

    Secure Remote Access Icon

    Secure Remote Access

    Session Recording and Threat Analytics Icon

    Session Recording and Threat Analytics

    Multi-Factor Authentication Icon

    Multi-Factor Authentication

    Just-in-time Access Icon

    Just-in-Time Access

    Privileged Task Management Icon

    Privileged Task Management

    Account Lifecycle Management Icon

    Account Lifecycle Management

  • Solutions
    Accelerating Privilege Management Thumbnail

    Accelerating Privilege Management Transformation

    Read Whitepaper
    By Use Case Icon

    BY USE-CASES

    Secure Remote Privileged access

    Remove Administrator Rights

    Secure Cloud Environments

    Automate Entitlement Reviews

    Simplify Privileged Account Lifecyle

    By Initiative Icon

    BY INITIATIVE

    PCI-DSS Compliance

    ISO 27002

    SWIFT Security Framework

    Documentation Downloads Request Demo
  • Resources
    Accelerating Privilege Management Thumbnail

    Accelerating Privilege Management Transformation

    Read Whitepaper
    Resources Icon

    RESOURCES

    Datasheets

    Solution Briefs

    Whitepapers

    Case Studies

    Guides & Toolkits

    View All Resources

    Learn Icon

    LEARN

    PAM 101

    Technology Blog

    Product Updates

    Documentation

    Explore

    Documentation
    Learn How to Implement & Manage
    Downloads
    Find Software, Plugins & Updates
    Request Demo
  • Services

    From the Blog

    Gartner Magic Quadrant

    Gartner Magic Quadrant 2021: Sectona PAM Gets a Notable Mention

    Read Whitepaper
    TRAINING & SERVICE Professional Services Get the help you need to succeed with your privileged access management project.Explore
    Training & Certification Access learning and trainings options to improve the success of Sectona platform.Explore
    Get Support Icon

    GET SUPPORT

    Email Us

    Create a Case

    Customer Success

    Download Resources

    Explore

    Documentation
    Learn How to Implement & Manage
    Downloads
    Find Software, Plugins & Updates
    Request Demo
  • Company
    COMPANY
    Company Thumbnail

    About Us

    Customers

    Events

    Contact Us

    PARTNER
    Partner Thumbnail

    Find a Partner

    Become a Partner

    Register a Deal

    CAREERS
    Career Thumbnail

    Join the Team

    Explore Career Opportunities

    Explore Fellowship Program

    Become a Partner Become a Partner
Request Demo
Sectona Logo
  • Home
  • Platform
    • Continuous Discovery
    • Password Management
    • Secure Remote Access
    • Session Recording and Threat Analytics
    • Multi-Factor Authentication
    • Just In Time Access
    • Privileged Task Management
    • Account Lifecycle Management
    • Windows Privilege Management
    • Privileged Access Governance
  • Solutions
    • Secure remote privileged access
    • Remove Administrator Rights
    • Secure Cloud Environments
    • Automate Entitlement Reviews
    • Simplify Privileged Account lifecycle
    • PCI DSS Compliance Pertaining to Privileged Access
    • ISO 27002 Standard – Best Practices for PAM
    • SWIFT Security Framework For Privileged Access
  • Resources
    • Blog
    • PAM 101
    • Resources
  • Services
    • Professional Services – Personalised Industry Based Solution
    • Training & Certifications – Gain Insight into Sectona Platform
  • Company
    • About Us
    • Contact Us
    • Branding
    • Customers
  • Partner
    • Find a Partner
    • Become a Sectona Partner
    • Register a Deal
  • Explore
    • Documentation
    • Downloads
    • Free Edition – Get Your Free Trial Today
    • Explore the Sectona Security Platform
Menu
  • Home
  • Platform
    • Continuous Discovery
    • Password Management
    • Secure Remote Access
    • Session Recording and Threat Analytics
    • Multi-Factor Authentication
    • Just In Time Access
    • Privileged Task Management
    • Account Lifecycle Management
    • Windows Privilege Management
    • Privileged Access Governance
  • Solutions
    • Secure remote privileged access
    • Remove Administrator Rights
    • Secure Cloud Environments
    • Automate Entitlement Reviews
    • Simplify Privileged Account lifecycle
    • PCI DSS Compliance Pertaining to Privileged Access
    • ISO 27002 Standard – Best Practices for PAM
    • SWIFT Security Framework For Privileged Access
  • Resources
    • Blog
    • PAM 101
    • Resources
  • Services
    • Professional Services – Personalised Industry Based Solution
    • Training & Certifications – Gain Insight into Sectona Platform
  • Company
    • About Us
    • Contact Us
    • Branding
    • Customers
  • Partner
    • Find a Partner
    • Become a Sectona Partner
    • Register a Deal
  • Explore
    • Documentation
    • Downloads
    • Free Edition – Get Your Free Trial Today
    • Explore the Sectona Security Platform
Home / Technology / Mapping Swift CSP Framework with Sectona PAM for Banks
ByShruti Kulkarni May 27, 2020December 29, 2022

Mapping Swift CSP Framework with Sectona PAM for Banks

Mapping-Swift-Csp-Framework-With-Sectona-Pam-For-Banks-Blog-Featured-Image

Cyber threats are ever-increasing. Recently, there have been many payment fraud incidents in customers’ local environments – As a result, SWIFT’s payment community continues to suffer from numerous cyber-attacks and breaches. 

For 2020, SWIFT promoted two existing advisory controls to mandatory and introduced two additional advisory controls resulting in 21 mandatory and ten advisory controls in the CSCF v2020. SWIFT has also launched a CSP (Customer Security Programme) to improve information sharing throughout the community. The SWIFT CSP Framework also shares best practices for fraud detection and enhances third-party providers’ support.  

Clause 1 of the SWIFT CSP framework discusses restricting internet access and protecting critical systems from the general IT environment. 

The SWIFT CSP framework speaks about SWIFT environment protection, i.e., the protection of the user’s local SWIFT environment from potentially compromising elements of the general IT environment and external environment.  

The framework states that the SWIFT user’s environment should be completely isolated. There should be complete control and access restrictions over OS Privileged accounts. It also emphasizes securing the virtualization platforms. All the virtualization platforms and virtual machines (VMs) hosting SWIFT-related components should be secured to the same level as physical systems. 

Solution Offered by Sectona Security Platform 

With its hybrid access mechanism, the Sectona Privileged Access Management (PAM) ensures secure access to critical systems, including SWIFT infrastructure. Users can access it from the internal or external environment. 

Sectona PAM allows privileged sessions to be accessed over the browser to ensure true session isolation while allowing direct client-based access without needing the agent on the target device.  

There is also a provision for access through a secure Jump Host for session isolation. In addition, users can also take access from any OS and browser without needing plugins.  

Sectona PAM has strong server privilege management & access control capabilities that segregate user access based on workforce roles & responsibilities. Unauthorized access is eliminated by way of this capability. 

The benefit of robust integrations with Virtualization platforms & VMs. And access to these platforms can be secured with the same effect as physical systems. 

Clause 2.6 of SWIFT CSP Framework Discusses Reducing Surface Attacks and Vulnerabilities.  

There should be complete operator session confidentiality and integrity to be maintained. The interactive operator sessions connecting to local SWIFT infrastructure should be protected from surface attacks and vulnerabilities. 

Solution Offered by Sectona Security Platform 

Sessions taken to the SWIFT infrastructure through Sectona PAM will be completely secured, controlled & monitored through a secure mechanism – ensuring the confidentiality & integrity of sessions. Along with MFA to access any interactive session of SWIFT via PAM.  

In addition, the threat analytics engine within Sectona PAM calculates a composite risk score for each privileged session, which helps with auditing and forensics much more easily and faster. 

Clause 2.8 of SWIFT CSP Framework Speaks About Outsourcing Critical Activities. 

It states that the local SWIFT infrastructure should be protected from the risks exposed by outsourcing critical activities. 

Solution Offered by Sectona Security Platform 

Sectona PAM enables workflow-based access for outsourced activities to ensure that access to the SWIFT infrastructure is granted only after review & approval from authorized personnel.  

For any critical activity wherein the session may need to be shared over the internet with outsourced or third party vendors, the PAM tool enables a highly secure way of collaborating without revealing credentials and generating collaborative logs identifying and logging the activities during the session. 

Clause 2.9 of SWIFT CSP Framework States that all Business Transactions Should be Controlled.  

All the business transactions in the environment should be validated and authorized by the respective counterparties. 

Solution Offered by Sectona Security Platform 

In Sectona PAM, time-based access can be provided to users taking access to SWIFT infrastructure. This ensures that the user access to SWIFT infrastructure is authorized at the pre-decided time frame. In addition, workflow-based access can also be enabled to ensure users are given access only after review & approval. Multiple levels (up to 15) of permissions can be configured with Sectona PAM. 

Clause 4 of SWIFT CSP Framework Highlights the Prevention of Credential Compromise.  

Clause 4.1 states that effective password policies should be in place. The passwords should be resilient enough to give protection against common password attacks. 

Solution Offered by Sectona Security Platform 

Sectona PAM has a strong password vault that supports customizable password change policies enabling password complexities and rotations with a wide range of combinations. Multiple Password Policies can be created and applied to an asset or group of assets.  

Sectona’s Password Vault can help schedule password changes regularly & help set password complexities as desired. The vault is highly secure & passwords are encrypted with either AES 256 encryption or RSA 2048 encryption. 

Clause 4.2 of the SWIFT CSP Framework is About Multi-Factor Authentication.  

The clause of SWIFT CSP Framework requires the prevention of compromised single authentication factors for allowing access into the SWIFT environment. 

Sectona PAM is engineered to readily integrate with MFA providers such as RSA, Vasco, Safenet, Okta, OneLogin, Duo or Google Authenticator. Alternatively, it provides proprietary in-built Mobile OTP or Push Authentication and SMS or Email OTP options for multi-factor authentication. The 2FA mechanism ensures an additional layer of security & control. 

Clause 5 of the SWIFT CSP Framework Discusses Managing Identities and Segregating Privileges.  

Clause 5.1 is about the logical access control, i.e., access should be provided on a need-to-know basis, and duties for operator accounts should be segregated. 

Solution Offered by Sectona Security Platform 

Sectona PAM follows the principle of least privileges and segregation of duties adding value by providing attribute-based grouping or AD grouping that can help reduce the human effort involved with user mapping based on roles & responsibilities. 

Clause 5.4 Speaks About Protecting the Logically and Physically Stored Passwords in the SWIFT Environment. 

Sectona PAM has a strong password vault that supports customizable password change policies enabling password complexities and rotations with a wide range of combinations. Multiple Password Policies can be created and applied to an asset or group of assets. The vault is highly secure & passwords are encrypted with either AES 256 encryption or RSA 2048 encryption. 

Clause 6 Speaks About Detecting Abnormal Activities in Systems or Transaction Records.  

Clause 6.4 of SWIFT CSP Framework states that all security events should be recorded to detect anomalous actions and operations within the local SWIFT environment. 

Solution Offered by Sectona Security Platform 

Sectona’s Session Recording module captures logs of all privileged sessions across target system sessions, including access to the SWIFT environment. In addition, the threat analytics engine within Sectona PAM calculates a composite risk score for each privileged session, which helps with auditing and forensics much more quickly.  

Sectona PAM has an in-built Risk Scoring engine with a list of predefined plausible high-risk scenarios. The risk levels for these scenarios can be configured to incorporate desired risk levels of the organization. This Risk Scoring engine will help calculate the composite risk score for each user session based on the activities in the session that, thereby, help assess the access behaviour.  

Sectona PAM has an alert and notification engine to send timely alerts to concerned personnel on executing predefined critical commands or activities. 

Conclusion 

SWIFT has included an extensive list of best practices for banks in its SWIFT CSP Framework. The latest version of the compliance document is available in this link.  

Those starting with their privileged access security programs start by targeting and identifying all privileged accounts. Leverage this list to begin your privileged access security program.   

Related Reading: Why running isolated privileged sessions for remote users is essential? 

Contents

  • 1 Clause 1 of the SWIFT CSP framework discusses restricting internet access and protecting critical systems from the general IT environment. 
  • 2 Solution Offered by Sectona Security Platform 
  • 3 Clause 2.6 of SWIFT CSP Framework Discusses Reducing Surface Attacks and Vulnerabilities.  
  • 4 Solution Offered by Sectona Security Platform 
  • 5 Clause 2.8 of SWIFT CSP Framework Speaks About Outsourcing Critical Activities. 
  • 6 Solution Offered by Sectona Security Platform 
  • 7 Clause 2.9 of SWIFT CSP Framework States that all Business Transactions Should be Controlled.  
  • 8 Solution Offered by Sectona Security Platform 
  • 9 Clause 4 of SWIFT CSP Framework Highlights the Prevention of Credential Compromise.  
  • 10 Solution Offered by Sectona Security Platform 
  • 11 Clause 4.2 of the SWIFT CSP Framework is About Multi-Factor Authentication.  
  • 12 Clause 5 of the SWIFT CSP Framework Discusses Managing Identities and Segregating Privileges.  
  • 13 Solution Offered by Sectona Security Platform 
  • 14 Clause 5.4 Speaks About Protecting the Logically and Physically Stored Passwords in the SWIFT Environment. 
  • 15 Clause 6 Speaks About Detecting Abnormal Activities in Systems or Transaction Records.  
  • 16 Solution Offered by Sectona Security Platform 
  • 17 Conclusion 
Was this article helpful?
YesNo

Recent Posts

  • Privileged User Behaviour Analytics to Analyze Threats in Advance

    Privileged User Behaviour Analytics to Analyze Threats in Advance

    January 12, 2023
  • What is a Ransomware Attack?

    What is a Ransomware Attack?

    January 9, 2023
  • Sectona is recognized as a 2022 Gartner® Peer Insights™ Customers Choice for Privileged Access Management 

    Sectona is recognized as a 2022 Gartner® Peer Insights™ Customers Choice for Privileged Access Management 

    January 5, 2023
  • One of the world’s largest mobile operators implements Sectona PAM

    One of the world’s largest mobile operators implements Sectona PAM

    December 21, 2022
  • Year-in-Review: Looking Back at 2022

    Year-in-Review: Looking Back at 2022

    December 15, 2022

Explore


  • About
  • Careers We're Hiring
  • Contact Us
  • Security Platform
  • Partners
  • Documentation
  • Sectona Blog
  • PAM 101New
  • Branding
  • Events

Capabilities


  • Continuous Discovery
  • Password Management
  • Secure Remote Access
  • Session Recording and Threat Analytics
  • Mutli-Factor Authentication
  • Just-in-Time Access
  • Privileged Task Management
  • Account Lifecycle Management

Solutions


  • Secure Remote Privileged Access
  • Remove Administrator Rights
  • Secure Cloud Environments
  • Automate Entitlement Reviews
  • Simplify Privileged Account Lifecyle
Sectona Gartner Peer Insights Rating Sectona ISO Certification
Sectona Logo

© 2023 Sectona Technologies Private Limited. All rights reserved. All trademarks held by their respective owners.

PRIVACY POLICY | TERMS | EULA | RESPONSIBLE DISCLOSURE

Scroll to top
  • Home
  • Platform
    • Continuous Discovery
    • Password Management
    • Secure Remote Access
    • Session Recording and Threat Analytics
    • Multi-Factor Authentication
    • Just In Time Access
    • Privileged Task Management
    • Account Lifecycle Management
    • Windows Privilege Management
    • Privileged Access Governance
  • Solutions
    • Secure remote privileged access
    • Remove Administrator Rights
    • Secure Cloud Environments
    • Automate Entitlement Reviews
    • Simplify Privileged Account lifecycle
    • PCI DSS Compliance Pertaining to Privileged Access
    • ISO 27002 Standard – Best Practices for PAM
    • SWIFT Security Framework For Privileged Access
  • Resources
    • Blog
    • PAM 101
    • Resources
  • Services
    • Professional Services – Personalised Industry Based Solution
    • Training & Certifications – Gain Insight into Sectona Platform
  • Company
    • About Us
    • Contact Us
    • Branding
    • Customers
  • Partner
    • Find a Partner
    • Become a Sectona Partner
    • Register a Deal
  • Explore
    • Documentation
    • Downloads
    • Free Edition – Get Your Free Trial Today
    • Explore the Sectona Security Platform