Control Definition
Control Objective: Ensure the confidentiality, integrity, and authenticity of application data flows between local SWIFT-related components.
In-scope components:
- local or remote (hosted and/or operated by a third party, or both) SWIFT infrastructure and related components
Risk Drivers:
- loss of sensitive data confidentiality
- loss of sensitive data integrity
- unauthenticated system traffic
- unauthorised access
- password theft
Implementation Guidance
Control Statement:
Confidentiality, integrity, and authentication mechanisms are implemented to protect SWIFT-related component-to-component or system-to-system data flows.
Control Context:
The protection of internal data flows safeguards against unintended disclosure, modification, and access of the data while in transit.
Implementation Guidelines:
The implementation guidelines are common methods to apply the relevant control. The guidelines are a helpful way to begin an assessment, but should never be considered an "audit checklist", as each user's implementation may vary. Therefore, in cases where some implementation guideline elements are not present or are only partially covered, mitigations as well as particular environment specificities must be considered to properly assess the overall compliance adherence level (as per the suggested guidelines or as per the alternatives).
- All data flows between SWIFT-related components are protected using a secure mechanism (for example, by using Local Authentication (LAU) in combination with a confidentiality protection, or by using two-way TLS) to support the confidentiality, integrity, and mutual authentication of the data flows. This includes the following data flows:
- RMA application to messaging interface
- GUI to messaging interface
- GUI to communication interface
- messaging interface to communication interface
- Secure protocols use current, commonly accepted cryptographic algorithms (for example, AES and ECDHE) with key lengths in line with current best practices. For more information about cryptographic algorithms that support secure protocols, see SWIFT Knowledge Base article 5021566.
- Credentials and private keys used, and usually stored, by the applications to secure the flows are protected (a large spectrum of protection, from the definition and use of secure coding guidelines to the use of specific solutions, can be envisaged based on the user's risk management).
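The first guideline names Local Authentication (LAU) as one way to give a component-to-component flow integrity and mutual authentication. The following is an added, simplified illustration of that pattern written for this page; it is not SWIFT's LAU implementation and does not reproduce the actual LAU signature computation. It assumes a shared key configured on both components (a constructed demo key here), derives a separate key per data flow so a tag for the RMA-to-messaging-interface flow is not accepted on the GUI-to-messaging-interface flow, binds a sequence number into the HMAC to reject replays, and compares tags in constant time. The payload and flow labels are constructed sample values. As the guideline says, a MAC gives integrity and authentication only; confidentiality still has to come from an additional protection such as TLS.

```python
import hashlib
import hmac

# Constructed demo key. On a real system this is the LAU key configured on both
# components, protected in line with the "credentials and private keys" guideline.
SHARED_LAU_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
)


def derive_flow_key(master_key: bytes, flow_label: str) -> bytes:
    """Derive a distinct key per data flow (e.g. "rma->messaging-interface") so a
    tag computed for one flow is not valid on another flow sharing the master key."""
    return hmac.new(master_key, flow_label.encode("utf-8"), hashlib.sha256).digest()


def _mac_input(sequence: int, payload: bytes) -> bytes:
    # The sequence number is bound into the MAC so a captured, valid message
    # cannot simply be re-sent later.
    return sequence.to_bytes(8, "big") + payload


def protect(payload: bytes, flow_key: bytes, sequence: int) -> dict:
    """Sender side: attach a sequence number and an HMAC-SHA256 tag over seq || payload."""
    tag = hmac.new(flow_key, _mac_input(sequence, payload), hashlib.sha256).hexdigest()
    return {"seq": sequence, "payload": payload, "mac": tag}


def verify(envelope: dict, flow_key: bytes, expected_sequence: int) -> bool:
    """Receiver side: reject an unexpected (replayed or out-of-order) sequence number,
    then recompute the tag and compare in constant time to avoid a timing side channel."""
    if envelope["seq"] != expected_sequence:
        return False
    expected = hmac.new(
        flow_key, _mac_input(envelope["seq"], envelope["payload"]), hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, envelope["mac"])


def demo() -> dict:
    """Exercise the four cases a receiving component must get right; returns the outcomes."""
    rma_key = derive_flow_key(SHARED_LAU_KEY, "rma->messaging-interface")
    gui_key = derive_flow_key(SHARED_LAU_KEY, "gui->messaging-interface")
    message = b"{constructed RMA authorisation record}"  # constructed sample payload
    env = protect(message, rma_key, sequence=1)
    tampered = dict(env, payload=message + b"X")  # one byte altered in transit
    return {
        "genuine": verify(env, rma_key, 1),           # accepted
        "tampered_payload": verify(tampered, rma_key, 1),  # rejected: tag mismatch
        "replayed": verify(env, rma_key, 2),          # rejected: stale sequence number
        "wrong_flow": verify(env, gui_key, 1),        # rejected: key of a different flow
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:17s} -> {'accepted' if accepted else 'rejected'}")
```

The receiver tracks the last accepted sequence number per flow; anything that repeats or skips backwards is dropped before the tag is even checked, which is what turns "loss of integrity" and "unauthenticated system traffic" from the risk-driver list into a detectable, logged rejection rather than a silently processed message.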
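The second guideline asks that the secure protocol use current algorithms such as AES and ECDHE with adequate key lengths, and the first guideline offers two-way TLS as an alternative to LAU. The following is an added example, written for this page rather than taken from SWIFT or any product, of how one end of such a link would be configured with Python's standard `ssl` module and then audited against an illustrative policy derived from the guideline's own examples (ephemeral ECDHE key exchange, AES for the record layer, TLS 1.2 or later, certificates required from both sides). The certificate and CA paths in the comments are placeholders, not real files; the cipher-suite names in `main()` are constructed inputs for the audit.

```python
import ssl


def build_mutual_tls_context(server_side: bool) -> ssl.SSLContext:
    """Context for one end of a two-way TLS link between two SWIFT-related components."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no TLS 1.0/1.1
    ctx.verify_mode = ssl.CERT_REQUIRED           # both ends must present a certificate
    ctx.check_hostname = not server_side          # the client also checks the server's name
    ctx.set_ciphers("ECDHE+AESGCM")               # TLS 1.2: ephemeral ECDH + AES-GCM only
    # In a deployment, load the component's own certificate and key and the private CA
    # that issued the peer's certificate (placeholder paths, not real ones):
    #   ctx.load_cert_chain("/path/to/component.crt", "/path/to/component.key")
    #   ctx.load_verify_locations("/path/to/private-ca.pem")
    return ctx


def audit_cipher_names(names) -> list:
    """Illustrative policy from the guideline's examples: ECDHE key exchange and AES.
    Returns a (suite, reason) pair for every suite that violates it."""
    violations = []
    for name in names:
        # OpenSSL names TLS 1.3 suites "TLS_..."; their key exchange is always ephemeral.
        if not name.startswith("TLS_") and "ECDHE" not in name:
            violations.append((name, "key exchange is not ephemeral ECDHE"))
        elif "AES" not in name:
            violations.append((name, "record cipher is not AES"))
    return violations


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Summarise a context's effective settings for a compliance review."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "mutual_auth": ctx.verify_mode == ssl.CERT_REQUIRED,
        "violations": audit_cipher_names(c["name"] for c in ctx.get_ciphers()),
    }


def main() -> None:
    hardened = build_mutual_tls_context(server_side=True)
    print("hardened:", audit_context(hardened))

    # A permissive context of the kind a reviewer may find in the field: no minimum
    # version, no client certificate required, every suite OpenSSL offers.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    weak.set_ciphers("ALL")
    print("weak:", audit_context(weak))

    # Constructed suite names, to show how the audit classifies each one.
    sample = ["ECDHE-RSA-AES256-GCM-SHA384", "AES128-SHA",
              "DHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-CHACHA20-POLY1305"]
    for suite, reason in audit_cipher_names(sample):
        print(f"{suite}: {reason}")


if __name__ == "__main__":
    main()
```

One caveat worth knowing when reviewing such a configuration: `set_ciphers` only governs TLS 1.2 suites. The TLS 1.3 suites that OpenSSL enables (including `TLS_CHACHA20_POLY1305_SHA256`) are still offered and show up in `get_ciphers()`, so the audit above will list that suite for the hardened context too; restricting TLS 1.3 suites has to be done at the OpenSSL configuration level rather than through this API. The key length side of the guideline (RSA or EC key sizes in the certificates) is not visible from the context object and is checked on the certificates themselves.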