Swift Customer Security Programme (CSP) CSP-Assessor Question # 9 Topic 1 Discussion

Bridging servers facilitate data exchange between the back-office systems (e.g., Treasury Management Systems) and the SWIFT infrastructure (e.g., Alliance Access or Gateway). The CSCF scope includes components that handle SWIFT-related data or connectivity. Let’s evaluate:

•The "Swift Customer Security Controls Framework v2025" defines the secure zone and includes internal data transmission components. Bridging servers, as part of the data flow between back-office and SWIFT infrastructure, are considered in scope, particularly under Control "2.1 Internal Data Transmission Security" (mandatory) and related advisory controls (e.g., 2.3 System Hardening).

•The "CSP Architecture Type - Decision tree" includes such servers when they are part of the SWIFT environment, even if some controls are advisory depending on the architecture (e.g., A1 or A2).

•The "Assessment template for Advisory controls" applies to bridging servers for non-mandatory measures, while mandatory controls ensure secure data exchange.

Summary of Correct Answer:

Bridging servers are in scope of CSCF security controls, with some being advisory (TRUE).

References to SWIFT Customer Security Programme Documents:

•Swift Customer Security Controls Framework v2025: Control 2.1 includes bridging servers.

•CSP_controls_matrix_and_high_test_plan_2025: Lists applicable controls.

•Assessment template for Advisory controls: Applies to bridging servers.

========