CSF v.2024 summary of changes:
Mandatory Outsourced Critical Activity Protection (Control 2.8): Reflecting the increased use of outsourcing and cloud services, this control has been made mandatory, with additional clarifications provided to ensure comprehensive protection of outsourced critical activities.
Phased Promotion of Back Office Data Flow Security (Control 2.4A): To encourage the early identification and securing of back-office data flows and the servers facilitating these connections, changes have been made to this control. While it remains advisory for now, organizations are urged to start identifying and assessing these flows for security.
Clarifications and Minor Changes: To improve usability and comprehension, various controls have been clarified or slightly modified. These include:
Integration and Monitoring Enhancements: The framework now more explicitly integrates Control 6.4 (Logging and Monitoring) across other controls where log monitoring is relevant, and Control 7.4 (Scenario-based Risk Assessment) acknowledges the use of existing information security risk management processes.
Revisions in Appendices and Framework Structure:
Corrections and Updates from the October 2023 Publication: These include combining the first two principles to support the framework’s objectives, aligning sections on the scope of security controls, corrections in the Security Controls Summary Table, and updates in the Risk Driver Summary Matrix.
These changes reflect Swift’s continued focus on enhancing the security framework in response to evolving needs, particularly considering the increased adoption of outsourcing and cloud-based solutions within the community.
World Informatix Cyber Security is a global leader in SWIFT CSP Assessments, remediation guidance, and consultation.