SWIFT Alliance Security Guidance Checklist
The purpose of this document is to provide a checklist for the reader about SWIFT's minimum set of security-related
recommendations for customers using Release 7.3 and 7.4 products (Alliance Web Platform Server-Embedded, Alliance
Access/Entry, Alliance Gateway, and SWIFTNet Link). The document is also linked with SWIFT Customer Security
Controls Framework (CSCF V2019).
30 April 2019
SWIFT Security Roles and Responsibilities for Customers
SSO.05 (Secure Channel): An audit report that lists all past and ongoing offline SWIFTNet security officer activities in Secure Channel is generated and reviewed regularly (at least annually, ideally more frequently).
SSO.06 (O2M (Activity Log)): A report on activity logs that lists all security management changes performed in the SWIFTNet Online Operations Manager is generated and reviewed regularly (at least annually, ideally more frequently).
swift.com Administrators
System Administrators
Other roles
More detailed and specific information on logical access control applicable for Alliance applications
users is provided in
Local Network Security
NET.02 (Alliance Web Platform Server-Embedded): Firewall rules are in place between the end user's browser and Alliance Web Platform Server-Embedded, allowing only HTTPS.
Secure Local Server Environment
(1) This is the ID used in the Security Best Practices Check Tool.
Secure Local Client Environment
Secure Local Application Environment
(1) This is the ID used in the Security Best Practices Check Tool.
Alliance Gateway
CLA.02 (Alliance Web Platform Server-Embedded): For the following security parameters, set the recommended value:
• Password Expiration - Controls the number of days that a password can be used before it expires and consequently must be changed. Recommended value: 90
• Password History Size - Number of passwords stored in the password history. Recommended value: 8
• Dormant Disable Period - Defines the number of days after which a user is set to dormant if there was no successful login. Recommended value: 120
The off-the-shelf application used for generating a Time-based one-time Password (TOTP) is not
installed on the PC from which you access Alliance Web Platform Server-Embedded.
HSM.01 (HSM): The PIN Entry Device (PED) and PED keys are securely stored.
Other Security Recommendations
Legal Notices
Copyright
SWIFT © 2019. All rights reserved.
Restricted Distribution
Do not distribute this publication outside your organisation unless your subscription or order
expressly grants you that right, in which case ensure you comply with any other applicable
conditions.
Disclaimer
The information in this publication may change from time to time. You must always refer to the
latest available version.
Translations
The English version of SWIFT documentation is the only official and binding version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT:
3SKey, Innotribe, MyStandards, Sibos, SWIFT, SWIFTNet, SWIFT Institute, the Standards Forum
logo, the SWIFT logo and UETR. Other product, service, or company names in this publication are
trade names, trademarks, or registered trademarks of their respective owners.