Pre-requisites

Requirements for integrating a central bank to the RTGS.global network

The APIs are provided by RTGS.global and are either hosted in an Azure subscription created by RTGS.global or created and operated by the respective central bank. The APIs are encapsulated in the RGTS.global Funds Controller Gateway (FCG) component which is provided as Azure deployment using Bicep® templates.

Additionally, to ensure that RTGS.global communications are transported on the Azure backbone, peer to peer networking is established between the RTGS.global jurisdiction Azure subscription and each central banks' Azure subscription. This is achieved by each central banks' subscriptions having a virtual network that is peered with the RTGS.global Network. There is however no peering of central banks' or participants networks directly with each other.

Security Pre-requisites

To ensure that all central banaks and participants integrate and communicate across the RTGS.global network in a consistent and secure way, the following must be met:

1. Central Banks either create a new subscription within Microsoft Azure that will be used solely for the purpose of integrating into the RTGS.global network or RTGS.globla can create one on their behalf.

2. Access to this subscription and resources within must be configured with the principle of least privilege and RBAC.

3. Access to the Azure Portal used for the RTGS.global subscription must enforce conditional access and MFA for all connections to the portal and underlying resources.

4. Access to all components within the central banks and participants RTGS.global Azure subscriptions must be connected to via an Azure Bastion and where required a subsequent jump box accessible only via the bastion host.

5. The central banks subscriptions used for RTGS.global connectivity should have no publicly accessible ports over the internet.

6. All failed logins to the Azure portal and associated resources must be logged, monitored and investigated by the participants security team.

7. The Subscription and related resources must be monitored via the central banks incident and event monitoring processes and be covered by the participant Incident response plans.