Cybersecurity
- Last Updated:
Since it is essential to ensure a balance between thoroughly improving convenience from the perspective of the people and securing cybersecurity, including from the perspective of stably and safely providing administrative services to the people, we will strengthen cybersecurity in cybersecurity by steadily implementing measures based on the "Digital Agency Strategies" (approved by the Cabinet on September 28, 2021).
Overview
In order to strengthen cybersecurity, Digital Agency will cooperate with the National Cyber Security Center (NISC), which is the general coordinator for securing cybersecurity, and will work on the following.
The "Basic Policies for cybersecurity on the Management, etc. of Government Information Systems" (the "Basic Policies for Basic Policies for cybersecurity on the Management of Government Information Systems (Attachment to "Basic Policies for the Development and Management of Information Systems" (Minister for Digital Transformation Decision of December 24, 2021))) is presented and its implementation will be promoted.
A specialized team from cybersecurity will be established in Digital Agency to verify and audit mainly the systems developed and operated by Digital Agency.
Major initiatives include the steady development and operation of security regulations (including verification and auditing), support for security establishment by cybersecurity expert teams, and the establishment of a cyber resilient security response environment. In addition, we are promoting the implementation of an always-diagnostic and response-oriented security Architecture and promoting ISMAP-LIU registrations to expand the use of safe cloud services.
Recent Initiatives
We are developing a framework for comprehensive operation monitoring to ensure IT governance.
A framework to support IT management is being developed for government information services supervised by Digital Agency, and a framework for comprehensive operation monitoring is being developed to improve IT governance in Digital Agency through a comprehensive understanding of the status of the provision of each service.
For details, please refer to the following link:
Efforts to Promote ISMAP-LIU Registration
Special measures to promote ISMAP-LIU registration were established to expand the use of secure SaaS services in government agencies and other organizations.
For details, please refer to the following link:
Digital Society Promotion Standard Guidelines Developing a document on security
Please refer to the Digital Society Promotion Standard Guidelines for the Digital Society Promotion Standard Guidelines "Security Documents"
March 31, 2023
The following technical reports were published: "Guidelines for Analyzing Security Risks in Government Information Systems," "Technical Report on Attribute-Based Access Control in Zero Trust Architecture Application Policies," "Technical Report on Introduction of Cybersecurity Framework in Government Information Systems," and "Technical Report on Cataloguing Security Controls."
June 30, 2022
The "Zero Trust Architecture Application Guidelines," "Continuous Risk Assessment and Response (CRSA) Architecture," "Security by Design Guidelines for Government Information Systems," and "Vulnerability Assessment Implementation Guidelines for Government Information Systems" were published.
Promoting the Implementation of a Continuous Diagnostic and Responsive Security Architecture
In fiscal 2022, we conducted a research project on the implementation of the Continuous Risk Diagnosis and Response (CRSA) system, and established a system to regularly collect and analyze data necessary for diagnosing cybersecurity risks for the infrastructure systems of the preceding ministries and agencies. In the future, based on the knowledge obtained from the research project, we will expand it widely within government organizations and make preparations to expand the scope of systems subject to diagnosis.
For details, please refer to the following link:
Building a Security Response System in Digital Agency
It is important to monitor systems developed and operated by Digital Agency in real time and, in the event of an information security incident, to promptly prevent the spread of damage and to have a resilient security response system. To this end, the necessary systems and rules will be reviewed in a timely and appropriate manner.
We are also looking for mid-career security professionals. For more information, please refer to the following link:
Related Materials
- Digital Society Promotion Standard Guidelines Security Documentation
- Basic Policies for cybersecurity on the Management of Government Information Systems (Attachment to "Basic Policies for the Development and Management of Information Systems" (Minister for Digital Transformation Decision of December 24, 2021))
Related Measures
- Cybersecurity Strategies (External Sites)
- Group of Uniform Standards for cybersecurity Measures by Government Agencies, etc. (External Sites)
- ISMAP portal (external site)