Kashef has designed a security control framework program for the banking system and banking information systems. In this program, 1,135 security requirements have been defined that each bank must gradually implement to achieve a high level of security.

According to IDEA, the aim of this project is to create a comprehensive information security reference, improve interactions in the field of information security, develop the necessary mechanisms for assessing the effectiveness of security controls, provide direction, create momentum, and synchronize security measures. This program is being implemented over a long-term schedule, and specific security plans are defined for banks each year so that by implementing these plans, they can gradually enhance their security level.

In this program, five security levels have been defined for banks, with level 5 being the highest. Banks are intended to reach levels 4 and 5 within a specific timeframe.

This program, prepared by Kashef Electronic Security Management Company in collaboration with the Central Bank, comprises six areas, including 16 sub-areas.

Meisam Najjar, the head of Kashef’s monitoring unit, announced that banks are required to implement specific controls based on their maturity level, ranging from one to five.

In recent years, banks and financial institutions have taken various measures to enhance their security systems. For this reason, in the initial phase of implementing this framework, Kashef has asked them to express their distinction in relation to the requirements set by Kashef and then, in the next step, determine their plan for implementing the subsequent requirements.

This long-term program is intended to be communicated to banks on an annual basis.

The head of Kashef’s monitoring unit stated that the first cyber banking laboratory was launched in the company in 1400 (2021). He mentioned, “This laboratory is active in three areas: encryption, web, and mobile. It also has plans for other areas. The laboratory is licensed by EFTA and holds ISO 17025 accreditation. We can make this laboratory available to various entities.