Exam CSP-Assessor Topic 2 Question 95 Discussion
Actual exam question for Swift's CSP-Assessor exam
Question #: 95
Topic #: 2
Question #: 95
Topic #: 2
What does the CSCF expect in terms of Database Integrity? (Select the two correct answers that apply)
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
*Swift Customer Security Controls Policy
*Swift Customer Security Controls Framework v2025
*Independent Assessment Framework
*Independent Assessment Process for Assessors Guidelines
*Independent Assessment Framework - High-Level Test Plan Guidelines
*Outsourcing Agents - Security Requirements Baseline v2025
*CSP Architecture Type - Decision tree
*CSP_controls_matrix_and_high_test_plan_2025
*Assessment template for Mandatory controls
*Assessment template for Advisory controls
Suggested Answer: B,C Vote an answer
CSCF Control "3.1 Database Integrity" focuses on ensuring the integrity of databases used by SWIFT-related components. Let's evaluate each option:
*Option A: Nothing is further expected when the messaging interface or connector integrates/embeds an integrity check functionality at each SWIFT transaction record level This is incorrect as a sole expectation. While embedding integrity checks (e.g., checksums or hashes) in a messaging interface or connector is a valid measure, the CSCF expects additional protections for the database itself, not just reliance on application-level checks. The "Swift Customer Security Controls Framework v2025" requires broader database security.
*Option B: When a database is used by a messaging interface or connector, the related hosted database and its supporting system is expected to be protected as a SWIFT-related component, the identified exceptions alerted and followed-up This is correct. Control 3.1 mandates that databases supporting SWIFT components (e.g., storing transaction data for Alliance Access) be protected as in-scope components. This includes securing the database and its system (e.g., via access controls, encryption) and addressing integrity exceptions through alerts and follow-up, as detailed in the "Assessment template for Mandatory controls."
*Option C: Alerts generated from performed integrity checks are captured and analyzed for appropriate treatment This is correct. The CSCF expects institutions to monitor database integrity (e.g., via logging) and analyze alerts to detect and respond to anomalies, aligning with Control "3.1" and "5.1 Operational Incident Response." The "CSP_controls_matrix_and_high_test_plan_2025" includes this as a compliance criterion.
Summary of Correct Answers:
The CSCF expects the database and its system to be protected with alerts and follow-up (B) and alerts to be captured and analyzed (C).
References to SWIFT Customer Security Programme Documents:
*Swift Customer Security Controls Framework v2025: Control 3.1 defines database integrity requirements.
*Assessment template for Mandatory controls: Includes protection and alert management.
*CSP_controls_matrix_and_high_test_plan_2025: Tests database integrity measures.
========
*Option A: Nothing is further expected when the messaging interface or connector integrates/embeds an integrity check functionality at each SWIFT transaction record level This is incorrect as a sole expectation. While embedding integrity checks (e.g., checksums or hashes) in a messaging interface or connector is a valid measure, the CSCF expects additional protections for the database itself, not just reliance on application-level checks. The "Swift Customer Security Controls Framework v2025" requires broader database security.
*Option B: When a database is used by a messaging interface or connector, the related hosted database and its supporting system is expected to be protected as a SWIFT-related component, the identified exceptions alerted and followed-up This is correct. Control 3.1 mandates that databases supporting SWIFT components (e.g., storing transaction data for Alliance Access) be protected as in-scope components. This includes securing the database and its system (e.g., via access controls, encryption) and addressing integrity exceptions through alerts and follow-up, as detailed in the "Assessment template for Mandatory controls."
*Option C: Alerts generated from performed integrity checks are captured and analyzed for appropriate treatment This is correct. The CSCF expects institutions to monitor database integrity (e.g., via logging) and analyze alerts to detect and respond to anomalies, aligning with Control "3.1" and "5.1 Operational Incident Response." The "CSP_controls_matrix_and_high_test_plan_2025" includes this as a compliance criterion.
Summary of Correct Answers:
The CSCF expects the database and its system to be protected with alerts and follow-up (B) and alerts to be captured and analyzed (C).
References to SWIFT Customer Security Programme Documents:
*Swift Customer Security Controls Framework v2025: Control 3.1 defines database integrity requirements.
*Assessment template for Mandatory controls: Includes protection and alert management.
*CSP_controls_matrix_and_high_test_plan_2025: Tests database integrity measures.
========
by Thera at Jul 10, 2026, 05:52 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).