London, New York, Hong Kong, 24th January 2018: FIX Trading Community, the non-profit, industry-driven standards body at the heart of global financial trading, today announced the release of the FIX-over-TLS (FIXS) standard and guidelines to assist users of the FIX Protocol meet certain security requirements.
FIXS is part of a larger programme of work that the FIX Trading Community initiated in response to the heightened cyber security challenge. The issue for members is how to understand the cyber security landscape, how to respond to the general deterioration and an increased specificity of threats, in a manner that anticipates or leads legislative and regulatory responses.
FIXS is a technical standard that specifies how to use the Transport Layer Security (TLS) protocol with FIX. It provides a level of standardisation in order to ensure a certain level of security is applied. Additionally, guidelines are provided for different aspects of TLS as well as for the Stunnel open source program, thereby making the standard accessible to all. FIXS makes it easier for FIX participants to employ TLS, in the belief that this will help to improve security across the industry.
The initiative facilitates and promotes collaboration through information exchange, debate and joint development. With this interaction, the ensuing development of knowledge and simple information sharing is immensely valuable.
Michael Cooper, CTO Radianz, BT Global Banking and Financial Markets, Chair FIX Cybersecurity Working Group, commented, “The FIX Cybersecurity Working Group was formed a number of years ago to facilitate industry collaboration against the background of a deteriorating cyber security landscape. As part of these efforts, the FIXS Sub-group was established; they have researched and are now publishing guidelines for extending the security of FIX communications and thereby augmenting the security of trading operations.”
Charles Kilkenny, CEO Actuare, Chair FIXS Sub-group, noted, “FIXS is a starting point for firms wanting to secure FIX with TLS. I would ask firms and especially vendors to look at adopting FIXS and provide us with their feedback. We need this dialogue to continually improve what we have and to stay one step ahead. I would also like to take this opportunity to thank everyone involved in the FIXS Sub-group for their hard work and contributions, without which we would not be able to do this.”
The guidelines document can be found here.