Digital Society Promotion Standard Guidelines
In order to realize a digital society, it is important that related parties work together under "common rules" to create value.
The Digital Society Promotion Standard Guidelines are a collection of common rules and reference documents on procedures for service and business reforms and for the development and management of the government information systems associated with them, as well as various technical standards.
There are two types of positioning for each document:
- Standard Guideline (Normative): A document that specifies the content to be observed as rules for the maintenance and management of government information systems
- Informative: A Guide to Practice
Until now, various guidelines have been formulated under the name of the "Digital Government Promotion Standard Guidelines Group." However, from the perspective of promoting digitalization not only within the government but also in society as a whole, the name of this document set has been changed to the "Digital Society Promotion Standard Guidelines Group."
For documents that mainly specify internal government procedures, the name "Digital Government" has been maintained as before.
Documents related to government information systems in general
DS-100 Standard Guidelines for Digital Government Promotion
Articles (PDF/2,532 kb) (updated June 5, 2024)
Integrated version (PDF/Word file) (ZIP / 2,953 kb) (updated June 5, 2024)
- Last Updated: May 31, 2024
- Document Positioning: Normative
- Outline: Systematic common government rules that set out basic policies and matters concerning procedures for service and business reforms and for the development and management of the government information systems associated with them, and that specify the roles of each organization in the government
DS-110 Standard Guideline Manual for Digital Government Promotion
Articles (PDF/8,502 kb) (updated June 5, 2024)
Integrated version (PDF/Word file) (ZIP / 11,775 kb) (updated June 5, 2024)
- Last Updated: May 31, 2024
- Document Positioning: Informative
- Outline: A reference document, subordinate to the Standard Guideline, that contains article-by-article explanations, etc. in order to make the purpose, etc. of the Standard Guideline's provisions easy to understand.
DS-120 Standard Guideline for Digital Government Promotion Practice Guidebook
Articles (PDF/23,783 kb) (updated June 5, 2024)
Integrated version (PDF/Word file) (ZIP / 44,471 kb) (updated June 5, 2024)
- Last Updated: May 31, 2024
- Document Positioning: Informative
- Overview: A practical reference document that incorporates the know-how and lessons learned so far as a subordinate document of the Standard Guidelines, the Annexes to the Standard Guidelines, and the Standard Guidelines Manual
Various Templates ZIP (ZIP / 6,284 kb) (updated June 5, 2024)
DS-121 Agile development Practices Guidebook
Text (PDF/985KB)
Integrated version (PDF/Word file) (ZIP / 1,087 kb)
- Last revised: March 30, 2021
- Document Positioning: Informative
- Description: Government Information Systems development also needs to have an Agile development option in addition to the traditional development style. This document summarizes the basic knowledge needed to understand Agile development first.
DS-130 Standard Guideline Group Glossary
Text (PDF/191KB)
Integrated version (PDF/Word file) (ZIP / 248 kb)
- Last revised: March 31, 2023
- Document Positioning: Informative
- Overview: Glossary of Standard Guidelines
References
Set of Written Procedures for Process Review (ZIP / 397 kb) (updated on April 3, 2023)
Please use it as a reference material for process review.
(Reference) Standard Guidelines Training Materials (PDF / 11,657 kb)
Materials prepared by Employees, etc. to deepen their understanding of the outline of DS-100, DS-110, and DS-120.
Security Documents
DS-200 Security by Design Guidelines for Government Information Systems
Text (PDF/1,376 kb)
Integrated version (PDF/Word file) (ZIP / 1,806 kb)
- Last revised: January 31, 2024
- Document Positioning: Informative
- Outline: In order to efficiently ensure security for information systems, it is necessary to implement consistent security measures (security by design) from planning through operation of information systems. To give a comprehensive understanding of security measures across the system life cycle, this document describes the contents and requirements for security implementation in each process and defines the roles of the parties concerned.
Reference _ cloud service ISMAP Management Policy Standards (PDF / 235 kb)
* "Reference Material _ cloud service ISMAP Management Policy Standards" can be viewed only when the following two JIS standards are purchased.
JIS Q 27014:2015 (ISO/IEC 27014:2013)
JIS Q 27017:2016 (ISO/IEC 27017:2015)
DS-201 Guidelines for Security Risk Analysis in Government Information Systems - A Combined Baseline and Enterprise Damage Approach
Text (PDF/2,200 kb)
Integrated version (PDF/Word/Excel file) (ZIP / 3,688 kb)
- Last revised: March 31, 2023
- Document Positioning: Informative
- Description: To ensure the security of information systems, it is essential to recognize and reliably manage risks. There are various methods for security risk analysis. This document introduces a procedure for risk analysis that combines baselines and business damage, with the aim of improving work efficiency and analytical accuracy in a balanced manner.
This document is specifically presented as an example of the procedure for security risk analysis in DS-200, Guidelines for Security by Design in Government Information Systems.
DS-202 Technical Report on Security Considerations in the CI/CD Pipeline
Text (PDF/980KB)
Integrated version (PDF/Word/Excel file) (ZIP / 1,533 kb)
- Last Updated: March 29, 2024
- Document Positioning: Informative
- Overview: In modern applications built on modern technologies, the CI/CD pipeline is an information systems component that is essential for optimizing development processes and security measures. Attackers are starting to focus on its value and target it. This document describes the CI/CD pipeline from a security perspective and guides you through the key points when considering protection.
DS-210 Zero Trust Architecture Application Policies
Text (PDF/774KB)
Integrated version (PDF/Word file) (ZIP / 981 kb)
- Last revised: June 30, 2022
- Document Positioning: Informative
- Overview: With the expansion of the use of cloud services and changes in business environments such as remote work, it has become difficult to completely prevent and defend against recent advanced cyberattacks using only the conventional boundary-type security model, and the application of the Zero Trust concept is required. This document explains the basic policies for applying the Zero Trust architecture and describes the points to be noted at the time of introduction.
DS-211 Constant Risk Diagnosis and Response (CRSA) Enterprise Architecture (EA)
Text (PDF/751KB)
Integrated version (PDF/Word file) (ZIP / 1,067 kb)
- Last revised: January 31, 2024
- Document Positioning: Informative
- Overview: In order to realize stable and secure service provision under the Zero Trust architecture, it is necessary to detect and reduce cyber security risks of the entire government at an early stage. This document describes the architecture of the platform for the purpose of information collection and analysis to continuously implement this activity.
DS-212 Technical Report on Attribute-Based Access Control in Zero Trust Architecture Application Policy
Text (PDF/799KB)
Integrated version (PDF/Word file) (ZIP / 723 kb)
- Last revised: March 31, 2023
- Document Positioning: Informative
- Overview: In accordance with the Cloud-By-Default principle, many operations in future government information systems will be processed through cloud services. In order to maintain and improve robustness even in traditional business processing environments, it is important to incorporate the idea of "Zero Trust Architecture", which adapts cybersecurity to new environments. Zero Trust Architecture is centered on controlling access between each resource necessary for business processes from various information. This document gives a technical overview of attribute-based access control, one of the access control models, which utilizes information on attributes and environments assigned to resources.
Reference _ ABAC implementation Example - Amazon Web Services Edition (PDF / 537 kb)
Reference _ ABAC implementation Example -Microsoft Azure Active Directory (PDF / 973 kb)
DS-220 Technical Report on Introduction of Cybersecurity Framework in Government Information Systems
Text (PDF/1,016 kb)
Integrated version (PDF/Word file) (ZIP / 1,225 kb)
- Last revised: March 31, 2023
- Document Positioning: Informative
- Overview: With the increasing sophistication and complexity of cyberattacks, there is a need to strengthen cyber resiliency. Given the intrusion of threats, it is increasingly important to enhance information security (confidentiality, integrity, and availability) by recognizing detection, response, and recovery in addition to identification and defense. In this context, the NIST Cybersecurity Framework has attracted worldwide attention.
The purpose of this technical report is to explain the Cybersecurity Framework and to present key points for its introduction into government information systems.
DS-221 Guidelines for Vulnerability Assessment in Government Information Systems
Text (PDF/1,148 kb)
Integrated version (PDF/Word file) (ZIP / 1,360 kb)
- Last Updated: February 6, 2024
- Document Positioning: Informative
- Overview: To ensure cyber resiliency in government information systems, it is important to conduct a vulnerability assessment. This document describes the standards and guidelines for the introduction of vulnerability assessment to enable the selection and procurement of the best vulnerability assessment.
DS-231 Technical Report on Cataloguing Security Controls
Text (PDF/599KB)
Integrated version (PDF/Word file) (ZIP / 769 kb)
- Last Updated: September 20, 2024
- Document Positioning: Informative
- Description: Security control cataloguing refers to the practice of assigning unique identifiers to independent security controls and classifying them in a machine-readable format.
This can improve the effectiveness, timeliness, accuracy, and consistency of system security assessment by ensuring traceability among control elements and facilitating system configuration automation. This document provides an overview of security control cataloguing.
Efforts to catalogue security controls include OSCAL (Open Security Controls Assessment Language), described in this document, and its utilization has attracted attention. OSCAL is a language created by NIST to express security controls in machine-readable form. It can be described in three formats: XML, JSON, and YAML.
- Example: OSCAL Format Description Example "Guidelines for Formulating Standards for Measures Taken by Government Agencies, etc. (July 4, 2023 Edition)" (ZIP / 298 kb)
OSCAL is used to describe the "Guidelines for Formulation of Countermeasure Standards for Government Organizations, etc. (2023 Edition) (PDF)" of the "Uniform Standard Set for Cybersecurity Measures for Government Organizations, etc." in XML, JSON, and YAML formats.
When each government agency specifies cybersecurity management measures based on the Uniform Set of Standards for Security Measures of Government Agencies, etc., the standards will be described in more detail. Therefore, structuring each government agency's security management measures in an expression that takes OSCAL into account can contribute to automating and mechanizing their formulation, and can be expected to make information sharing more efficient, improve the evaluation of security controls, and reduce the related labor.
Cloud Documentation
DS-310 Basic Policies for the Appropriate Use of Cloud Services in Government Information Systems
Text (PDF/391KB)
Integrated version (PDF/Word file) (ZIP / 459 kb)
- Last Updated: September 29, 2023
- Document Positioning: Normative
- Outline: An annex to the Standard Guidelines on the system method of government information systems, which shows the concept of using the cloud appropriately (smartly) rather than just using the cloud, while using cloud services as the default (first choice).
Data Connections Documents
DS-400 Government Interoperability Framework (GIF)
GitHub (external site)
October 13, 2022: We started publishing it on GitHub (external site).
- Document (updated March 27, 2024)
Zip Download
If GitHub is not available, get it from the integrated version.
- Integrated version (PDF/Word/Excel file) (ZIP / 147,947 kb)
- Last Updated: March 27, 2024
- Document Positioning: Informative
- Outline: We provide the "Government Interoperability Framework" (GIF) as a technical system to realize a society in which data utilization and cooperation can be performed smoothly. By using this framework to organize data, it is possible to design data that is highly scalable and easy to link with other data.
Trust Documents
DS-500 Guidelines for Online Identification Methods in Administrative Procedures
Text (PDF/1,506 kb)
Integrated version (PDF/Word file) (ZIP / 1,996 kb)
- Last Updated: February 25, 2019
- Document Positioning: Normative
- Summary: An annex to the Standard Guidelines that describes the online identity verification methods required for digitalization of various administrative procedures
Reference Material _ Interim Summary for Revision (Fiscal 2022 (2022)) (PDF / 3,580 kb) (posted on June 29, 2023)
Reference Material _ Interim Summary for Revision (Fiscal 2023 (2023)) (PDF / 2,123 kb) (updated July 23, 2024)
Reference Material _ "Guidelines for Online Identification Methods in Administrative Procedures" Q&A (PDF / 387 kb) (posted June 17, 2024)
DS-531 Basic Approach to Digitalization, Including Notification of Disposition
Text (PDF/310KB)
Integrated version (PDF/Word file) (ZIP / 373 kb)
- Last revised: March 31, 2023
- Document Positioning: Informative
- Outline: In order to promote digitalization of notifications of disposition, etc. in the short term, with the aim of improving convenience for individuals and corporations, etc. and the efficiency of administrative operation, this document provides a common concept and methods of responding to issues so that it can be used as a reference in practice.
Reference Material _ "Basic Concept on Digitalization, Including Notification of Disposition" Q&A (PDF / 169 kb)
Reference Material _ Examination Flowchart of Examples of Short-Term Methods for Digitalization of Disposition Notices, etc.
PDF(189KB)/Excel(21KB)
Other Documents
DS-910 Treatment of Government Information Systems Relating to Sensitive Information, etc., such as Security
Text (PDF/286KB)
Integrated version (PDF/Word file) (ZIP / 302 kb)
- Last Updated: July 19, 2023
- Document Positioning: Normative
- Overview: An appendix to the Standard Guidelines that summarizes the viewpoints that users should consider regarding information systems that handle sensitive information such as security, such as risks that require attention and measures to be taken, consideration of cloud computing, and points to be noted in data connections operations