SWIFT 7.2 & Customer Security. Providing choice, flexibility & control.


SWIFT 7.2 Upgrade: What Do You Need to Know?
December 6, 2017
Patricia Hines, CTP, Senior Analyst, Corporate Banking, Celent

SWIFT 7.2 Upgrade: What's Happening?
SWIFT is upgrading the Alliance product suite, including:
- Alliance Access 7.2
- Alliance Entry 7.2
- Alliance RMA 7.2
- Alliance Gateway 7.2
- Alliance Remote API 7.2
- SWIFTNet Link 7.2
- Alliance Web Platform 7.2
(Source: SWIFT website)
Introduction of 64-bit architecture and new operating system requirements: AIX 7.2, Red Hat Enterprise Linux (RHEL) 7.2, Oracle Solaris 11.3, and Windows Server 2016.
"This mandatory upgrade is necessary to continue to provide a highly secure and efficient SWIFT service for our customers in the years ahead." (SWIFT)

Why is SWIFT Updating its Release Policy Principles?
- Cyber threats and security vulnerabilities require security updates to be released more regularly.
- Formerly, security updates were combined with functional updates on an ad hoc basis.
Release Policy Principles:
- Clear end-of-support dates will be defined when an annual release becomes available.
- One planned release per year (aligned with the message standards release).
- Each annual version is supported for 2 years of maintenance and 7 months of migration support.
- Mandatory security updates will be issued once per year, with possible quarterly releases (if required).
- And more.
(Source: SWIFT Premium Forum Americas, New York City, May 1st 2017)

SWIFT 7.2 Upgrade: What is the Impact?
The mandatory SWIFT 7.2 upgrade and technology refresh require:
- Upgrading SWIFT software components
- Upgrading the operating system software baseline and moving to 64-bit
- Evaluation and potential upgrade of existing hardware
- Significant systems and user acceptance testing
- New hardware model for HSM and 3SKey tokens
The full impact cannot be determined without a detailed gap analysis.
(Source: SWIFT website)

SWIFT: What Else is Happening?
- SWIFT Accord services decommissioned October 2017
- Customer Security Programme (CSP) compliance attestation required by December 31, 2017
- SWIFT 2017 MT (FIN) and MX Maintenance Release required by November 17, 2018
- SWIFT FileAct Enhancements
- SWIFT 2018 MT (FIN) and MX Maintenance Release required by November 2019 (new SWIFT Trade messages)

SWIFT Updates: What is the Timeline?
- Sept 2015: 7.2 Preliminary Release Overview
- Aug 2017: 7.2 General Distribution
- Dec 2017: SWIFT MT Release 2018 issued
- Nov 2018: FileAct Enhancements
- Nov 2018: SWIFT 7.2 Upgrade mandatory completion
- Nov 2018: SWIFT MT & MX Release 2018 live

SWIFT 7.2 & Customer Security: Providing choice, flexibility & control

Planning for 7.2
- Upgrade all SWIFT applications
- Change environment: hardware, OS, MQ
- Changes to comply with the Customer Security Controls

We understand your challenges
How does it impact you (in-house)?
- Services to upgrade SWIFT applications
- Costs of replacing the OS
- Evaluation of hardware replacement
- Customer security controls changes
How does it impact you (Service Bureau)?
- Supporting the vendor through testing of the new platform
- Customer security controls changes

What are your options?
Two options:
1) Currently in-house:
- Stay in-house
- Outsource all or part of the infrastructure
2) Currently outsourced:
- Stay outsourced
- Move in-house
PayCommerce is well-positioned to support both options:
- SWIFT Certified Specialists (for in-house)
- SWIFT Certified Service Bureau

SWIFT Architecture Connectivity

SWIFT Connectivity and Messaging Overview (diagram)
Messaging components:
- Manual end-users of SAA
- Back-office integration with SAA
- SWIFT messaging interface (SAA)
- SWIFT Web Platform (SWP)
Connectivity components:
- Firewall
- SWIFT Alliance Gateway (SAG) & SNL
- Hardware Security Module
- VPN appliances
- VPN tunnel over Internet or leased line(s)

Service Bureau Outsourcing Options
1) Shared Services: multi-tenant Service Bureau
2) Connectivity: SAA and non-SWIFT messaging support
3) Dedicated Services: single tenant, dedicated network / servers for the messaging interface

SWIFT 7.2 Upgrade: FileAct Enhancements
Functionality:
- 2 GB file size supported (previously 250 MB)
Resilience:
- Automatic resume of interrupted file transfers
- "Unknown" status requiring manual intervention eliminated
Efficiency:
- Logical file name returned in the delivery notification for reconciliation
- Ability to use all available bandwidth
- No limit on the number of concurrent transfers
- Dynamic control of concurrent transfers
Notes:
- Cannot change to production without SWIFT authorization
- Remote file handler, SNL & SAG 7.0.50 mandatory; not all users are compliant

Changes in MQ
SAA interface changes:
- Only MQ Client supported, not MQ Server
- MQ Client version supported: 8.0.0.6, except 8.0.0.8 on Windows
- IBM released MQ 9.0 on June 2, 2016
- MQ 9.0 will not be supported for 2 to 3 years

7.2 Upgrade Process
Planning:
- Involve Business, IT & Security teams
- SWIFT Best Practice Check tool (34 checks)
- Decisions on hardware, OS, security, outsourcing
- Budget approvals
Preparation:
- Checklists (the comprehensive checklist is 13 pages)
- Customized for each customer
- Confirmation that each checklist item has been completed
Execution (how we can help):
- Upgrade
- Test
- Go live

The Deadline: November 30, 2018
- You will lose the ability to transact over SWIFT if the migration is not completed.
Migration window:
- SWIFT allows 15 months
- Of those 15 months, 3 are already over
- So only 12 (or more likely 11) months remain
Resources:
- The closer you get to November 30, the scarcer vendor resources will be
- November is also the 2018 message standards release
Plan now! Execute ahead of the deadline.

Service Bureau Timeline
- Test environment, March 31, 2018: 7.2 test environment available in parallel with 7.1
- Production environment, September 30, 2018: go-live dependent on SWIFT confirmation for FileAct

Alliance Products: Compatibility
- HSM Box IS6 (no change): software version 6.1 is compatible with SNL 7.0.50; Remote PED firmware to 2.7.0-3; Remote PED workstation software to 7.2.0.1
- HSM Tokens: new, requires SNL 7.2
- SNL & SAG: must be installed together; compatible with SAA / SAE 7.1.x
- SAA 7.2: requires SAG / SNL 7.2; any applications that use the ADK must also be upgraded
- AWP 7.2: required for all 7.2 products

Alliance Products Upgrade Roadmap
General principles: set up a new environment
- Must get new hardware
- Install new OS
- Install Alliance software and import data
Upgrade path:
1) If HSM box: upgrade HSM software, Remote PED firmware, workstation software
2) Install AWP 7.2 (but retain the older AWP version)
3) Install SNL and SAG together
4) If HSM token: install HSM token
5) Install SAA / SAE
6) Decommission the older AWP version

Customer Security: CSP and SIP
- Customer Security Programme (CSP) is for SWIFT customers
- Shared Infrastructure Programme (SIP) is for Service Bureaux
- SIP is more extensive, with an on-site audit (60+ controls)
- SIP is being explicitly aligned with CSP in 2018
Deadlines and SWIFT actions for CSP:
Event | Deadline | SWIFT Action
Self-attestation | Dec 31, 2017 | Local regulators or supervisory authorities informed
Compliance with controls | Dec 31, 2018 | Local regulators or supervisory authorities informed

What You Need to Do for Self-Attestation
Collect data:
- A baseline document is available to help you determine what data you have to collect
Enter it into the self-attestation application on swift.com:
- Part of SWIFT's KYC Registry
- This application is non-trivial
Where you can get help:
- support@swift.com, 540-825-6056
- JOHNSTON Jonathan, Jonathan.JOHNSTON@swift.com
- PayCommerce

What's Your Architecture?
- A1: Full stack
- A2: Partial stack (messaging in-house, connectivity outsourced)
- A3: Software application to facilitate communication
- B: No local footprint

How Many Controls are Applicable?
Controls | Architecture A | Architecture B
Mandatory | 16 | 11
Advisory | 11 | 9
Total | 27 | 20

Service Bureau: Architecture A3 or B?
- User interface: B
- MQ: B
- File transfer application: do you consider this middleware? Yes: B. No: A3.
SWIFT or PayCommerce cannot make this decision; it is your judgment and interpretation of the framework.

How PayCommerce Can Help - 1
(Not for distribution)
# | A/B | Name | Description
1.1 | A | SWIFT Environment Protection | Secure Zone implementation
2.1 | A | Internal Data Flow Security | Data flows between SWIFT applications
2.2 | B | Security Updates | SWIFT application patches
2.4A | B | Back-office Data Flow Security | TLS, LAU implementations
2.6A | B | Operator Session Confidentiality and Integrity | HTTPS, lock-out feature
2.9A | B | Transaction Business Controls | RMA, reconciliation, limit LT logins
4.1 | B | Password Policy | For SWIFT applications
4.2 | B | Multi-factor Authentication | For SWIFT applications
5.1 | B | Logical Access Controls | Least privilege, segregation of duties, 4-eyes for SWIFT applications
6.2 | A | Software Integrity | For SWIFT applications
6.3 | A | Database Integrity | For SWIFT applications
6.4 | B | Logging and Monitoring | Event Journal, automated alerting

How PayCommerce Can Help - 2
# | A/B | Name | Description
2.7A | B | Vulnerability Scanning | Vulnerabilities within the SWIFT environment
6.5A | A | Intrusion Detection | Network activity tracked for intrusion
7.1 | B | Cyber Incident Response Planning | Reviewed annually and tested once every 2 years
7.3A | B | Penetration Testing | Application, host and network testing

Thank You