Cybersecurity

It is essential to achieve both the enhancement of convenience from the people's point of view and the securing of cybersecurity, including the stable and safe provision of administrative services to the people. Therefore, the government will strengthen cybersecurity in Digital Agency by steadily implementing measures based on the "cybersecurity Strategies" (approved by the Cabinet on September 28, 2021).

Overview

In order to strengthen cybersecurity, Digital Agency will cooperate with the National Cyber Security Center (NISC), which is the general coordinator for securing cybersecurity, and will work on the following.

• The "Basic Policies for cybersecurity regarding the Management, etc. of Government Information Systems" (Basic Policies for Basic Policies on the Management of Government Information Systems in cybersecurity ("Basic Policies on the Development and Management of Information Systems" [Decision Made by Minister for Digital Transformation on December 24, 2021])) will be presented and implemented.

• A specialized cybersecurity team will be established in Digital Agency to verify and audit the systems developed and operated by Digital Agency.

The main contents include the steady development and operation of security regulations (including verification and auditing), support for security construction by specialized teams in the cybersecurity, and the construction of a security response system that improves cyber resiliency. In addition, we are promoting the implementation of a constant diagnosis and response type security Architecture and promoting ISMAP-LIU registration to expand the use of safe cloud services.

Recent Initiatives

We are developing a framework for comprehensive operational monitoring to ensure IT governance.

For government information services managed by Digital Agency, we are building a framework to support IT management, and developing a framework for comprehensive operation monitoring aimed at improving IT governance in Digital Agency by understanding the overall status of the provision of each service.
For more information, please refer to the following link:

• Comprehensive operational monitoring to ensure IT governance

Efforts to Promote ISMAP-LIU Registration

The "ISMAP-LIU Consultation Counter" has been established in Digital Agency as a general contact point to receive consultations for ISMAP-LIU registration from SaaS service providers, and the "Special Measures for Promoting ISMAP-LIU Registration" have been established in order to expand the use of safe SaaS services in government agencies, etc.
For more information, please refer to the following link:

• Efforts to Promote ISMAP-LIU Registration

Standard Guidelines for the Promotion of a Digital Society We are developing a security document

Please refer to the Digital Society Promotion Standard Guideline for the "Security Document" of the Digital Society Promotion Standard Guideline

March 31, 2023
"Guidelines for Analyzing Security Risks in Government Information Systems," "Technical Report on Attribute-Based Access Control in Zero Trust Architecture Application Policies," "Technical Report on Introduction of Cybersecurity Framework in Government Information Systems," and "Technical Report on Cataloging Security Controls" were published.

June 30, 2022
The "Zero Trust Architecture Application Guidelines," "Continuous Risk Assessment and Response (CRSA) Architecture," "Security by Design Guidelines for Government Information Systems," and "Vulnerability Assessment Introduction Guidelines for Government Information Systems" were published.

We are promoting the implementation of a continuous diagnosis and response type security Architecture

In fiscal 2022, we conducted a survey and research project on the implementation of a continuous risk diagnosis and response (CRSA) system, and constructed a system to regularly collect and analyze data necessary for cybersecurity risk diagnosis for infrastructure systems of leading ministries and agencies. In the future, based on the knowledge obtained from the survey and research project, we will widely deploy it within government organizations and make preparations to expand the system subject to diagnosis.
For more information, please refer to the following link:

• Continuous risk diagnosis and response (CRSA)

Establishment of Security Response System in Digital Agency

It is important to monitor the systems developed and operated by Digital Agency in real time, and in the event of an information security incident, promptly prevent the spread of damage, as well as improve the resiliency of the security response system. Therefore, the necessary systems and rules will be reviewed in a timely and appropriate manner.
In addition, we are seeking mid-career recruitment of security professionals. For more information, please refer to the following link:

• Mid-career recruitment Digital Agency

Related Materials

• Standard Guidelines for the Promotion of the Digital Society Security Documentation
• Basic Policies on the Management of Government Information Systems in cybersecurity ("Basic Policies on the Development and Management of Information Systems" [Decision Made by Minister for Digital Transformation on December 24, 2021])

Related measures

• Cybersecurity strategies (external sites)
• Uniform set of standards for cybersecurity countermeasures for government agencies (external sites)
• ISMAP portal (external site)

Meetings, etc.

Next Generation Security Architecture Study Meeting