This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Prudential Standard CPS 234
The Australian Prudential Regulation Authority (APRA) defines cybersecurity standards for financial institutions and enforces the measures required to withstand security incidents. Under the Banking Act 1959, APRA has determined the Prudential Standard CPS 234 and rules.
APRA regulates entities such as Authorised Deposit-taking Institutions (ADIs), authorised Non-Operating Holding Companies, general insurers and RSE licensees. It considers the hardware, software and data of these entities to be information assets, and has formalized Prudential Standard CPS 234 to be followed by these entities with respect to their information assets.
This Prudential Standard aims to ensure that an APRA-regulated entity:
- Minimizes information security incidents (including cyberattacks) by maintaining an information security capability corresponding to information security vulnerabilities and threats
- Secures the integrity of information assets, including assets managed by relevant organizations and third parties
WSO2 Open Banking is not an APRA-regulated entity, but as a platform provider for ADIs and regulated banks, the solution is a third party that provides information assets to ADIs. Therefore, as per the CPS 234 regulation and its practice guide (CPG 234), the solution needs to provide the required information to ADIs for them to be CPS 234 compliant.
WSO2 adheres to a secure software development process. The WSO2 Open Banking solution has a secure system design and architecture, which includes the cryptographic methods used to store sensitive data. For more information on this, see the following topics:
- Carbon Secure Vault Implementation
- Encrypting Passwords with Cipher Tool
- Resolving Encrypted Passwords
The solution also provides strong security mechanisms for APIs, authentication and identity management. For more information, see API Security for Australia.
WSO2 Support Services provide a full range of enterprise-grade support and maintenance services for the WSO2 Open Banking solution. For more details on the services and policies, see WSO2 Support Services Policy Version 5.5.