SWIFT Customer Security Controls Framework
Quickly Secure Your Global SWIFT Infrastructure
SWIFT requires that members self-attest compliance with mandatory security controls. The SWIFT Customer Security Controls Framework comprises a core set of mandatory and advisory security controls for all SWIFT members. All controls are articulated around three overarching objectives—Secure Your Environment, Know and Limit Access, and Detect and Respond—and are supported by 8 security principles and 27 security control objectives.
Illumio Core™ prevents the spread of breaches with real-time application dependency mapping and security segmentation. Enterprises use Illumio to achieve and demonstrate SWIFT compliance. Illumio Core addresses seven of the sixteen mandatory controls.
Execute a Zero Trust security strategy
Enable segmentation with orchestration and analytics to protect financial systems from lateral movement attacks.
- Gain real-time visibility into connections and flows across financial applications.
- Understand the attack surface with the combination of an application dependency map and a vulnerability map.
- Create security segmentation policies that follow the workload.
- Continuously detect for change, unauthorized connection attempts, and policy deviations.
- Integrate with third-party security information and event management (SIEM) and orchestration tools.
Use the enforcement points that you already have
Avoid cost and complexity that stems from re-architecting networking backbone and introducing more networking/SDN and data center firewalls resources.
- Program the existing host-based stateful firewalls in every workload (with no kernel modifications), programming access control lists (ACLs) into bare-metal, virtual machines, load balancers, existing switches, and public cloud security groups.
- Enforce data-in-motion encryption by programming IPsec connectivity between Linux or Windows workloads without requiring changes or an upgrade to the network infrastructure.
- Secure enterprise Microsoft applications with out-of-the-box Segmentation Templates.
Enable security segmentation across heterogeneous compute environments
Deliver a single control plane for architecting and operationalizing security across microperimeters
- Create security segmentation policies across bare-metal, virtual machines, clouds, containers, load balancers, and switches.
- Program the custom level of segmentation granularity— from environmental separation to process-level control and micro-segmentation.
"We had a compliance need which required us to enable firewalls on approximately 500 internal systems within a 3-month period. Without the ability to map and visualize traffic ahead of setting up firewall policies for these systems, we would not have been