Swift Customer Security Programme (CSP) CSP-Assessor Question # 26 Topic 3 Discussion

CSCF Control "1.2 Physical Security" requires SWIFT users to protect the physical locations of SWIFT-related servers and infrastructure from unauthorized access. Let’s evaluate:

•The control mandates measures such as restricting physical access, using surveillance, and maintaining an access control list for individuals entering server locations.

•Regular review of physical access lists is explicitly included to ensure that only authorized personnel have access and to identify any anomalies or outdated permissions. This is part of the ongoing monitoring requirement under CSCF Control "1.2" and is detailed in the "Assessment template for Mandatory controls."

•The "Independent Assessment Framework" and "CSP_controls_matrix_and_high_test_plan_2025" emphasize this as a mandatory practice to maintain physical security integrity.

Summary of Correct Answer:

The Physical Security control includes a regular review of physical access lists (TRUE).

References to SWIFT Customer Security Programme Documents:

•Swift Customer Security Controls Framework v2025: Control 1.2 requires access list reviews.

•Assessment template for Mandatory controls: Includes this as a compliance criterion.

•CSP_controls_matrix_and_high_test_plan_2025: Tests for regular access list reviews.