DTS Solution listed as a provider in SWIFT CSP Assessment Providers directory

New service designed to help financial institutions in Middle East strengthen their defenses against cyber-attacks.

DTS Solution, a leading cyber security advisory and consulting firm in the UAE, today announced that it has become a SWIFT Customer Security Program (CSP) assessment provider. DTS Solution will offer SWIFT CSP assessment services to help customers comply with SWIFT CSP standards by assessing the design and implementation of security controls.
New service designed to help financial institutions in Middle East strengthen their defenses against cyber-attacks.
DTS Solution, a leading cyber security advisory and consulting firm in the UAE, today announced that it has become a SWIFT Customer Security Program (CSP) assessment provider. DTS Solution will offer SWIFT CSP assessment services to help customers comply with SWIFT CSP standards by assessing the design and implementation of security controls.

SWIFT Customer Service Program (CSP)

SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a global member-owned cooperative and the world’s leading provider of secure financial messaging services. In response to a surge in cyber-attacks targeting financial institutions back in 2016, SWIFT has introduced a Customer Security Program (CSP) that all its customers must comply with, further to SWIFT’s Customer Security Controls Framework (CSCF).

SWIFT Customer Security Program (CSP) is a programme designed to help financial institutions improve their cyber security posture, reduce the risk of cyber-attacks and minimize financial loss due to fraudulent activities through a set of mandatory and advisory security controls. All SWIFT member organizations must comply by submitting an annual security attestation to demonstrate compliance with the controls outlined in the framework.

SWIFT Customer Service Program (CSP)

SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a global member-owned cooperative and the world’s leading provider of secure financial messaging services. In response to a surge in cyber-attacks targeting financial institutions back in 2016, SWIFT has introduced a Customer Security Program (CSP) that all its customers must comply with, further to SWIFT’s Customer Security Controls Framework (CSCF).

SWIFT Customer Security Program (CSP) is a programme designed to help financial institutions improve their cyber security posture, reduce the risk of cyber-attacks and minimize financial loss due to fraudulent activities through a set of mandatory and advisory security controls. All SWIFT member organizations must comply by submitting an annual security attestation to demonstrate compliance with the controls outlined in the framework.

Evolution of SWIFT CSP Security Controls

Threat actors are sophisticated and cyber-attacks continue. CSP is a set of cyber security controls which are based on various industry standards and frameworks. The SWIFT CSCF has evolved from 27 controls in 2017 to 31 controls in 2021. v2021 has three core objectives and consists of 22 mandatory and 9 advisory security controls for customers.

The mandatory controls establish a security baseline for all members and must be implemented by users to secure their local SWIFT related infrastructure, while the advisory controls are based on best practices.

2021 CSP Assessment Methodology

From mid-2021, the CSP changes demand “Community Standards Assessments” for all users. This means any SWIFT CSP attestation submitted from 2021 needs to get independently assessed. This process can be performed either by external or internal assessments.

External assessments are performed by a SWIFT CSP provider with cybersecurity assessment experience and relevant industry certifications.

Internal Assessments are usually performed by a user’s second or third line of defense function with appropriate cyber security expertise.

Evolution of SWIFT CSP Security Controls
Threat actors are sophisticated and cyber-attacks continue. CSP is a set of cyber security controls which are based on various industry standards and frameworks. The SWIFT CSCF has evolved from 27 controls in 2017 to 31 controls in 2021. v2021 has three core objectives and consists of 22 mandatory and 9 advisory security controls for customers. The mandatory controls establish a security baseline for all members and must be implemented by users to secure their local SWIFT related infrastructure, while the advisory controls are based on best practices.
2021 CSP Assessment Methodology

From mid-2021, the CSP changes demand “Community Standards Assessments” for all users. This means any SWIFT CSP attestation submitted from 2021 needs to get independently assessed. This process can be performed either by external or internal assessments.

External assessments are performed by a SWIFT CSP provider with cybersecurity assessment experience and relevant industry certifications.

Internal Assessments are usually performed by a user’s second or third line of defense function with appropriate cyber security expertise.

Our approach to SWIFT CSP Assessment

DTS Solution has developed a comprehensive assessment service for SWIFT CSP and can help customers in achieving compliance to CSP standards. This includes conducting gap assessment to identify flaws in security controls and implementing necessary security controls to adhere to SWIFT CSP requirements.

 

SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory and SWIFT customers are not required to use providers listed in the directory.

Our approach to SWIFT CSP Assessment

DTS Solution has developed a comprehensive assessment service for SWIFT CSP and can help customers in achieving compliance to CSP standards. This includes conducting gap assessment to identify flaws in security controls and implementing necessary security controls to adhere to SWIFT CSP requirements.

 

SWIFT does not certify, warrant, endorse or recommend any service provider listed in its directory and SWIFT customers are not required to use providers listed in the directory.