Swift
CSP-Assessor
Q1:
The Swift secure zone is composed of a Swift connector, a middleware server and a back office system Is the selection of only one of the above components a representative sample based on the High-Level Test Plan (HLTP) guidelines?
○
A
Yes○
B
No
Swift
CSP-Assessor
Q2:
Where is the implementation of multi-factor authentication deemed sufficient to support control 4.2 compliance? (Choose all that apply.)
☐
A
When accessing an outsourcing agent or an L2BA Swift-related application☐
B
When logging-in on an interface, a connector, or the system running such component☐
C
When login on the jump server filtering access to local Swift secure zone☐
D
On the General Operator PC used to access a Swift-related component
Swift
CSP-Assessor
Q3:
Is the restriction of Internet access only relevant when having Swift-related components in a secure zone?
○
A
Yes, because if there is no secure zone then the internet connectivity does not need to be restricted○
B
No, because there can be in-scope general operator PCs used to access a Swift-related application hosted at a service provider
Swift
CSP-Assessor
Q4:
How many Swift Security Officers does an organization need at minimum?
○
A
1○
B
2○
C
3○
D
4
Swift
CSP-Assessor
Q5:
What does the CSCF expect in terms of Database Integrity? (Choose all that apply.)
☐
A
Nothing is needed when the messaging or connector integrates/embeds an integrity check functionality at each Swift transaction record level.☐
B
When a database is used by a messaging interface or connector, the related hosted database and its supporting system must be protected as a Swift-related component and exceptions alerted☐
C
Alerts generated from performed integrity checks are captured and analysed for appropriate treatment