Control Definition
Control Objective: Protect the confidentiality of SWIFT-related data transmitted or stored outside of the secure zone as part of operational processes.
In-scope components:
- SWIFT-related secure zone sensitive data (such as back-ups, business transaction details, and credentials)
Risk Drivers:
- compromise of trusted back-up data
- loss of sensitive data confidentiality
Implementation Guidance
Control Statement:
Sensitive SWIFT-related data that leaves the secure zone as a result of operating system/application back-ups, business transaction data replication for archiving or recovery purposes, or extraction for offline processing is protected when stored outside of a secure zone and is encrypted while in transit.
Control Context:
While 2.4A covers the back-office application flows with the SWIFT-related components, this control covers the underlying SWIFT-related data that resides in the cloud or is exported from the secure zone and manipulated as per operational activities (such as back-ups or manual/automated data extraction/copies).
Operating system or application back-ups and the replication of business transaction data can provide useful information to prepare fraudulent transactions. The transfer, handling, and storage outside of secure zones (when, for example, using the SAN/NAS technology) must therefore be secured to prevent unauthorised access. Flow or data encryption are usual means to protect such data in transit.
Back-up encryption, encryption of data at rest, or appropriate authorisation and access controls are usual means to protect stored data.
Offline processing covers, for example, processing performed for support activities, additional analysis, or business intelligence activities.
Implementation Guidelines:
The implementation guidelines are common methods to apply the relevant control. The guidelines are a helpful way to begin an assessment, but should never be considered as an "audit checklist" as each user’s implementation may vary. Therefore, in cases where some implementation guidelines elements are not present or partially covered, mitigations as well as particular environment specificities must be considered to properly assess the overall compliance adherence level (as per the suggested guidelines or as per the alternatives).
- Replicated or extracted SWIFT-related sensitive data (business transaction data that reveals details such as involved debtors, creditors, accounts, amounts, trade information), passwords, and other authenticators are as follows:
  - Protected from unauthorised access when stored outside of the SWIFT or customer secure zone or another secure zone that has similar controls as the SWIFT or customer secure zone. Such replicated or extracted data is also ideally encrypted when stored outside of a secure zone (this can be achieved either at the data, file, application, or system level).
  - Encrypted when in transit between secure zones (for example, between data centres) or transferred outside of a secure zone (SWIFT or another zone that has similar controls). Encryption can be applied on the data or at the network/communication/transport layer.
- When relying on a remote virtualisation platform (hosted or operated by a third party, or both) it is recommended to ensure the encryption of the data. This can be obtained at the subscription level or at the storage level, expected to be offered by the third party to provide a guarantee in regard to access to stored data.
- Encryption protocols or mechanisms use a current, commonly accepted cryptographic algorithm (for example, AES or ECDHE) with key lengths in line with current best practices. For more information about cryptographic algorithms that currently support secure protocols, see SWIFT Knowledge Base article 5021566.
- Encryption mechanisms comply with applicable laws and regulations.
- If the cryptography protecting SWIFT-related sensitive data has been compromised, then a process should be established to apply new cryptography and secure or destroy any compromised copies of the data.
Note: It is expected that back-ups kept for business or system recovery are maintained in a secure zone that has similar controls to the SWIFT or customer secure zone.
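For the transport-layer option in the guidelines above, the following added example (not part of the control text) builds a TLS client context limited to ECDHE key exchange with AES-GCM and audits a cipher list against that policy. The TLS 1.2 floor, the 128-bit minimum, the acceptance of all TLS 1.3 suites, and the sample list are assumptions of this example, not requirements stated by the control.

```python
import ssl

# Assumed policy for this example: the control names AES and ECDHE only as
# examples and does not fix protocol versions or key lengths.
MIN_STRENGTH_BITS = 128

def violations(ciphers):
    """Return (name, reason) for each suite that breaks the assumed policy.

    `ciphers` is a list of dicts shaped like SSLContext.get_ciphers() output.
    """
    found = []
    for c in ciphers:
        name = c["name"]
        if c.get("protocol") == "TLSv1.3":
            continue  # TLS 1.3 suites are AEAD-only with ephemeral (EC)DHE
        if not name.startswith("ECDHE-"):
            found.append((name, "no ECDHE key exchange"))
        elif "AES" not in name or "GCM" not in name:
            found.append((name, "not AES-GCM"))
        elif c.get("strength_bits", 0) < MIN_STRENGTH_BITS:
            found.append((name, "key shorter than policy minimum"))
    return found

def hardened_context():
    """Client context for moving data between secure zones over TLS."""
    ctx = ssl.create_default_context()   # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM")      # restricts the TLS 1.2 suites only
    return ctx

# Constructed sample: suites a permissive endpoint might have enabled.
SAMPLE = [
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3", "strength_bits": 256},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "strength_bits": 256},
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2", "strength_bits": 256},
    {"name": "ECDHE-RSA-AES128-SHA", "protocol": "TLSv1.0", "strength_bits": 128},
]

if __name__ == "__main__":
    for name, reason in violations(SAMPLE):
        print(f"sample:   {name}: {reason}")
    for name, reason in violations(hardened_context().get_ciphers()):
        print(f"hardened: {name}: {reason}")
```

Running `violations()` over the `get_ciphers()` output of the context actually used by a replication or back-up transfer job gives an assessor evidence of what that job is able to negotiate.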