Digital Society Promotion Standard Guidelines

In order to realize a digital society, it is important for relevant parties to work together under "common rules" and create value.
The Digital Society Promotion Standard Guideline Group is a collection of common rules and reference documents on procedures and procedures for service and business reforms and the development and management of government information systems associated with these reforms, as well as various technical standards.

There are two types of positioning for each document:

• Normative: A document that defines the rules to be observed for the development and management of government information systems.
• Informative: Helpful Documents

In the past, various guidelines were formulated under the name of the "Digital Government Promotion Standard Guideline Group." However, from the perspective of promoting digitalisation not only within the government but also throughout society as a Digital Agency, the name of these document systems has been changed to the "Digital Society Promotion Standard Guideline Group."
In addition, the name "Digital Government" has been retained for documents that mainly define internal government procedures and processes.

Documents on government information systems in general

DS-100 Digital Government Promotion Standard Guidelines

Articles (PDF/2,532 kb) (updated on June 5, 2024)
Consolidated (PDF/Word file) (ZIP / 2,953 kb) (updated on June 5, 2024)

• Last Revised: May 31, 2024
• Document Positioning: Normative
• Outline: Systematic common government rules that stipulate basic policies and matters related to procedures and procedures and the roles of each organization within the government in relation to service and business reforms and the development and management of government information systems associated with these reforms

DS-110 Digital Government Promotion Standard Guideline Manual

Articles (PDF/8,502 kb) (updated on June 5, 2024)
Consolidated (PDF/Word file) (ZIP / 11,775 kb) (updated on June 5, 2024)

• Last Revised: May 31, 2024
• Document Positioning - Informative
• Summary: As a sub-document of the Standard Guideline, this document is a reference document that includes article-by-article commentary to facilitate understanding of the purpose and objectives of the Standard Guideline.

DS 120 Digital Government Promotion Standard Guideline Implementation Guidebook

Articles (PDF/23,783 kb) (updated on June 5, 2024)
Consolidated (PDF/Word file) (ZIP / 44,471 kb) (updated on June 5, 2024)

• Last Revised: May 31, 2024
• Document Positioning - Informative
• Summary: A practical reference document incorporating know-how and lessons learned to date, as a sub-document of the Standard Guidelines, the Standard Guidelines Annex and the Standard Guidelines Manual

Various Templates ZIP (ZIP / 6,284 kb) (updated on June 5, 2024)

DS-121 Agile Development Practice Guide

Articles (PDF/985KB)
Consolidated (PDF/Word file) (ZIP / 1,087 kb)

• Last Revised: March 30, 2021
• Document Positioning - Informative
• Summary: In the development of government information systems, it is necessary to provide an option of agile development in addition to the traditional development style. This document summarizes the basic knowledge required to understand agile development.

DS-130 Standard Guideline Group Glossary

Articles (PDF/191KB)
Consolidated (PDF/Word file) (ZIP / 248 kb)

• Last Revised: March 31, 2023
• Document Positioning - Informative
• Overview: glossary of standards guidelines

References

Process Review Implementation Procedure Set (ZIP / 397 kb) (updated on April 3, 2023)
Please use them as reference materials for process review.

(Reference) Standard Guidelines Training Materials (PDF / 11,657 kb)
Materials prepared by personnel and other relevant parties to deepen their understanding of the outline of the DS-100, DS-110, and DS-120.

Security Documentation

DS-200 Security by Design Guidelines for Government Information Systems

Articles (PDF/1,376 kb)
Consolidated (PDF/Word file) (ZIP / 1,806 kb)

• Last Revised: January 31, 2024
• Document Positioning - Informative
• Summary: In order to efficiently ensure security for information systems, it is necessary to implement consistent security measures (security by design) from planning to operation of information systems. This document describes the security implementation contents and requirements in each process and defines the roles of related parties in order to grasp the security measures in the system life cycle from a bird's eye view.

References _ Cloud Services ISMAP Control Measures Standards (PDF / 235 kb)

* "Reference Materials _ Cloud Service ISMAP Management Policy Standards" can be viewed only when the following two JIS standards are purchased.
JIS Q 27014:2015 (ISO/IEC 27014:2013)
JIS Q 27017:2016 (ISO/IEC 27017:2015)

DS-201 Guidelines for Security Risk Analysis in Government Information Systems - A Combined Baseline and Business Damage Approach -

Articles (PDF/2,200 kb)
Consolidated (PDF/Word/Excel file) (ZIP / 3,688 kb)

• Last Revised: March 31, 2023
• Document Positioning - Informative
• Description: To ensure the security of information systems, it is essential to be aware of risks and manage them reliably. There are various techniques for security risk analysis. This document introduces the procedures for risk analysis combining baseline and business damage, aiming to balance and improve work efficiency and analysis accuracy.
  This document is specifically presented as an example of the security risk analysis procedures in DS 200, Security by Design Guidelines for Government Information Systems.

DS-202 Technical Report on Security Considerations in CI/CD Pipeline

Articles (PDF/980KB)
Consolidated (PDF/Word/Excel file) (ZIP / 1,533 kb)

• Last Revised: March 29, 2024
• Document Positioning - Informative
• Description: The CI / CD pipeline is an essential information system component for optimizing the development process and security measures in modern applications built on modern technologies. Attackers have begun to focus on its value and target it. This document describes the CI / CD pipeline from a security perspective and guides the points to consider when considering protection measures.

DS-210 Zero Trust Architecture Application Policies

Articles (PDF/774KB)
Consolidated (PDF/Word file) (ZIP / 981 kb)

• Last Revised: June 30, 2022
• Document Positioning - Informative
• Description: With the expansion of the use of cloud services and changes in the business environment in remote work and other regions, it has become difficult to completely prevent and defend against the advanced cyberattacks in recent years only with the conventional boundary-type security model. Therefore, the application of zero trust thinking is required. This document explains the basic policies for applying zero trust and Architecture and describes points to keep in mind when introducing them.

Enterprise Architecture (EA) for DS-211 Continuous Risk Assessment and Response (CRSA)

Articles (PDF/751KB)
Consolidated (PDF/Word file) (ZIP / 1,067 kb)

• Last Revised: January 31, 2024
• Document Positioning - Informative
• Description: In order to realize stable and safe service provision under the circumstances of Zero Trust Architecture, it is necessary to detect and reduce cybersecurity risks of the entire government at an early stage. This document describes the Architecture of the platform for the purpose of information collection and analysis in order to continuously carry out this activity.

DS-212 Technical Report on Attribute-Based Access Control in Zero Trust Architecture Application Policies

Articles (PDF/799KB)
Consolidated (PDF/Word file) (ZIP / 723 kb)

• Last Revised: March 31, 2023
• Document Positioning - Informative
• Description: Following the cloud-by-default principles, many tasks in future government information systems will be handled through cloud services. In order to maintain and improve robustness even in traditional business processing environments, it is important to incorporate the idea of "Zero Trust cybersecurity", which adapts Architecture to new environments. Zero Trust Architecture has as its core the control of access between each resource required for business processes from various information. This document is one of the access control models and describes technical contents in a bird' s-eye view on attribute-based access control utilizing attributes assigned to resources and environmental information, etc.

References _ ABAC Implementation Example -Amazon Web Services (PDF / 537 kb)
References _ ABAC Implementation Example -Microsoft Azure Active Directory (PDF / 973 kb)

DS-220 Technical Report on the Implementation of the Cybersecurity Framework in Government Information Systems

Articles (PDF/1,016 kb)
Consolidated (PDF/Word file) (ZIP / 1,225 kb)

• Last Revised: March 31, 2023
• Document Positioning - Informative
• Summary: With the increasing sophistication and complexity of cyberattacks, there is a need for enhanced cyber resiliency, and an increasing emphasis on enhancing information security confidentiality, integrity, and availability by recognizing detection, response, and recovery, in addition to identification and defense, given the penetration of threats, the NIST cybersecurity framework has gained worldwide attention.
  The purpose of this technical report is to describe the Cybersecurity Framework and to provide key points for its implementation in government information systems.

DS 221 Vulnerability Assessment Implementation Guidelines for Government Information Systems

Articles (PDF/1,148 kb)
Consolidated (PDF/Word file) (ZIP / 1,360 kb)

• Last Revised: February 6, 2024
• Document Positioning - Informative
• Description: In order to ensure cyber resilience in government information systems, it is important to conduct vulnerability assessments. This document describes the criteria and guidelines for vulnerability implementation to enable the selection and procurement of optimal vulnerability assessments.

DS-231 Technical Report on Cataloguing Security Controls

Articles (PDF/599KB)
Consolidated (PDF/Word file) (ZIP / 769 kb)

• Last Revised: March 31, 2023
• Document Positioning - Informative
• Description: Security control cataloguing refers to assigning unique identifiers to independent security controls and categorizing them in a machine-readable format.
  This document provides an overview of security control cataloguing, which can improve the efficiency, timeliness, accuracy, and consistency of system security assessments by ensuring traceability between control elements, facilitating system configuration automation, etc.
  Efforts to catalog security controls include the OSCAL (Open Security Controls Assessment Language) described in this document, which is attracting attention for its use. OSCAL is a language developed by the NIST to express security controls in a machine-readable language, and can be written in three formats: XML, JSON, and YAML.
• Example: OSCAL Format Description Example "Guidelines for Establishment of Standards for Measures by Government Organizations, etc. (July 4, 2023 edition)" (ZIP / 298 kb) (published on September 20, 2024)
  Using OSCAL , the XML, JSON, and YAML formats of the "Guidelines for the Formulation of Standards for Measures by Government Organizations, etc. (2023 version) (PDF)" , which is part of the "Unified Standards Group for cybersecurity Measures by Government Organizations, etc." , are provided. & nbsp;
  When each government agency specifies security control measures based on the Uniform Standards for cybersecurity Measures, it is necessary to describe the standards in a more specific manner. Therefore, by structuring the security control measures of each government agency in terms that take into account OSCAL , it is expected to contribute to the automation and mechanization of their formulation, increase the efficiency of information sharing, improve the quality of security control evaluation, and reduce the labor involved.

Cloud Documentation

DS-310 Basic Policy on Appropriate Use of Cloud Services in Government Information Systems

Articles (PDF/391KB)
Consolidated (PDF/Word file) (ZIP / 459 kb)

• Last Revised: September 29, 2023
• Document Positioning: Normative
• Outline: The adoption of cloud services is the default (first choice) for the system method of government information systems, and the Standard Guideline Annex shows the concept of using the cloud appropriately (smartly) rather than simply using the cloud.

Data Federation Documentation

DS-400 Government Interoperability Framework (GIF)

GitHub (external site)

Published on GitHub (external site) on October 13, 2022.

• Document (updated March 28, 2025)

Zip Download

If you cannot use GitHub, please get it from the integrated version.

• Consolidated (PDF/Word/Excel file) (ZIP / 34,470 kb) (updated March 28, 2025)
• Last Revised: March 25, 2025
• Document Positioning - Informative
• Summary: " Government Interoperability Framework (Government Interoperability Framework) " (GIF) is provided as a practical guidebook for realizing a society in which data utilization and cooperation are smooth. By using this framework to organize data, it is possible to design data that is highly scalable and easy to cooperate with.

Trust Documentation

DS-500 Guidelines for Online identity verification Practices in Administrative Procedures

Articles (PDF/1,506 kb)
Consolidated (PDF/Word file) (ZIP / 1,996 kb)

• Last Revised: February 25, 2019
• Document Positioning: Normative
• Summary: Annex to the Standard Guidelines on Online digitalisation Methods for identity verification Various Administrative Procedures

Reference materials _ Interim summary for the revision (fiscal year 2022 (fiscal year 2022)) (PDF / 3,580 kb) (published on June 29, 2023)
Reference materials _ Interim summary for the revision (fiscal year 2023 (fiscal year 2023)) (PDF / 2,123 kb) (updated on July 23, 2024)
References _ "Guidelines for Online identity verification Methods in Administrative Procedures" Q & amp; A (PDF / 387 kb) (posted June 17, 2024)

DS 531 Basic Approach to digitalisation Disposal Notification

Articles (PDF/310KB)
Consolidated (PDF/Word file) (ZIP / 373 kb)

• Last Revised: March 31, 2023
• Document Positioning - Informative
• Summary: With the aim of improving the convenience of individuals and corporations, etc. and the efficiency of administrative management, in order to promote the digitalisation of notices of disciplinary actions, etc. in the short term, common ideas and methods of responding to issues, etc. will be provided so that they can be referred to in practice.

Q & amp; A (PDF / 169 kb) Reference Materials: "Basic Approach to digitalisation Disposal Notices"
Reference Material _ Flowchart for Consideration of Examples of Short-Term Approaches to digitalisation, such as Notification of Disposition
PDF(189KB)/Excel(21KB)

Other Documents

DS 910 Handling of Government Information Systems Related to Security and Other Sensitive Information

Articles (PDF/286KB)
Consolidated (PDF/Word file) (ZIP / 302 kb)

• Last Revised: July 19, 2023
• Document Positioning: Normative
• Outline: Annex to the Standard Guidelines on Information Systems that Handle Security and Other Sensitive Information, which summarizes the viewpoints that users should consider, such as risks requiring attention and countermeasures, consideration of cloud computing, and points to keep in mind in data linkage