Physical security

To ensure the physical security of the environment used by FTM SWIFT, physical security controls have to be in place to protect access to sensitive equipment, hosting sites, and storage. These controls protect against insider and external threats, and reduce opportunistic attacks enabled by access to physical systems.
Security of Removable Equipment
  • Sensitive removable equipment (for example, PIN Entry Device (PED), PED keys, SWIFT-related smart cards, USB tokens, TOTP devices) is supervised, or securely stored when not in use.
  • Sensitive removable equipment required for normal continuous operations (for example, hot swappable disks, HSM devices) is hosted in a data center or, at a minimum, in a locked room.
  • Back-up media (for example, tapes) is physically secured.
Security of the Workplace Environment
  • Operator workstations are located in a secured workplace environment where access is controlled and granted only to employees and other authorized workers and visitors. A separate physical area for operator PCs accessing SWIFT systems is not required.
  • Printers used for SWIFT transactions are located in a secured workplace environment and their access is restricted.
  • USB and other external access points on operator PCs are disabled to the maximum extent possible, while still supporting operations.
Security for Remote Workers (for example, teleworkers, "on call" duties)
A security policy is established to support expected use cases for remote workers. The following items are considered when establishing the policy:
  • Physical security of the expected teleworking environment
  • Rules for personal equipment used for SWIFT business purposes (for example, personal workstations cannot be used to access the SWIFT infrastructure; however, personal mobile devices can be used as a second authentication factor)
  • Security during use in public environments