Cybersecurity

Since it is essential to secure cybersecurity from the viewpoints of thoroughly improving convenience from the perspective of the people and providing administrative services to the people in a stable and safe manner, we will strengthen cybersecurity in Digital Agency by steadily implementing measures based on the "cybersecurity Strategies" (decided by the Cabinet on September 28, 2021).

Overview

In order to strengthen cybersecurity, Digital Agency will work on the following in cooperation with National Cybersecurity Office (NCO), which is the general coordinator for securing cybersecurity.

• The "Basic Policies for cybersecurity Related to the Management, etc. of Government Information Systems" (Basic Policies for Basic Policies for cybersecurity Pertaining to Management, etc. of Government Information Systems (attached to the "Basic Policies for the Development and Management of Information Systems" (decided by Minister for Digital Transformation on December 24, 2021))) will be established and implemented.

• A team specializing in cybersecurity will be set up in Digital Agency to carry out inspections and audits centered on systems developed and operated by Digital Agency.

The main contents include the steady development and operation of security regulations (including verification and auditing), support for security development by a specialized team in cybersecurity, and the development of a security response system with improved cyber resiliency. In addition, we are promoting the implementation of an always-on diagnostic and responsive security Architecture and promoting the registration of ISMAP-LIU to expand the use of safe cloud services.

Recent Efforts

A comprehensive operation monitoring framework is being developed to ensure IT governance.

For government information services supervised by Digital Agency, we are building a mechanism to support IT management and developing a framework for comprehensive operation monitoring with the aim of improving IT governance in Digital Agency by grasping the overall status of provision of each service, etc.
For more information, please refer to the following link:

• Comprehensive operations monitoring to ensure IT governance

Efforts to promote ISMAP-LIU registration

In order to expand the use of secure SaaS services in government agencies, etc., the "Special Measures for Promoting ISMAP-LIU Registration" was established.
For more information, please refer to the following link:

• Efforts to promote ISMAP-LIU registration

Standard Guidelines for the Promotion of a Digital Society Developing a document on security

For the Digital Society Promotion Standard Guidelines "Document on Security", please refer to the Digital Society Promotion Standard Guidelines

March 31, 2023
We published "Guidelines for Analyzing Security Risks in Government Information Systems," "Technical Report on Attribute-Based Access Control in ZERO TRUST Architecture Application Policies," "Technical Report on the Introduction of a Cybersecurity Framework for Government Information Systems," and "Technical Report on the Cataloging of Security Controls."

June 30, 2022
We have published the "Zero Trust Architecture Application Policies," "Continuous Risk Diagnosis and Response (CRSA) Architecture," "Security by Design Guidelines for Government Information Systems," and "Guidelines for Introducing Vulnerability Analysis for Government Information Systems."

Implementing Security Architecture for Constant Diagnostics and Response

In fiscal 2022, we conducted a survey and research project on the implementation of the Continuous Risk Assessment and Response (CRSA) system, and built a system to regularly collect and analyze the data necessary to diagnose cybersecurity risks for the infrastructure systems of leading ministries and agencies. In the future, based on the knowledge gained from the survey and research project, we will widely deploy it within government organizations and make preparations to expand the number of systems subject to diagnosis.
For more information, please refer to the following link:

• Continuous risk assessment and response (CRSA)

Establishment of Security Response Posture Digital Agency

It is important to monitor the systems developed and operated by Digital Agency in real time, and in the event of an information security incident, promptly prevent the spread of damage and establish a more resilient security response system. To this end, the necessary systems and rules will be reviewed in a timely and appropriate manner.
In addition, we are looking for mid-career security professionals. For details, please refer to the following link.

• Digital Agency for mid-career recruitment

Related Documents

• Standard Guidelines for the Promotion of a Digital Society Security Documentation
• Basic Policies for cybersecurity Pertaining to Management, etc. of Government Information Systems (attached to the "Basic Policies for the Development and Management of Information Systems" (decided by Minister for Digital Transformation on December 24, 2021))

Related Measures

• Cybersecurity Strategies (External Sites)
• Group of unified standards for cybersecurity countermeasures of government agencies, etc. (external sites)
• ISMAP Portal (External Site)

Meetings, etc.

Next Generation Security Architecture Study Group