Skip to main content

This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.If you find any mistranslations, we appreciate your feedback on the "Request form for improving the automatic translation ".

Cybersecurity

Since it is essential to ensure a balance between thoroughly improving convenience from the perspective of the people and securing cybersecurity, including from the perspective of stably and safely providing administrative services to the people, we will strengthen cybersecurity in cybersecurity by steadily implementing measures based on the "Digital Agency Strategies" (approved by the Cabinet on September 28, 2021).

Overview

In order to strengthen cybersecurity, Digital Agency will cooperate with the National Cyber Security Center (NISC), which is the general coordinator for securing cybersecurity, and will work on the following.

Major initiatives include the steady development and operation of security regulations (including verification and auditing), support for security establishment by cybersecurity expert teams, and the establishment of a cyber resilient security response environment. In addition, we are promoting the implementation of an always-diagnostic and response-oriented security Architecture and promoting ISMAP-LIU registrations to expand the use of safe cloud services.

Recent Initiatives

We are developing a framework for comprehensive operation monitoring to ensure IT governance.

A framework to support IT management is being developed for government information services supervised by Digital Agency, and a framework for comprehensive operation monitoring is being developed to improve IT governance in Digital Agency through a comprehensive understanding of the status of the provision of each service.
For details, please refer to the following link:

Efforts to Promote ISMAP-LIU Registration

Special measures to promote ISMAP-LIU registration were established to expand the use of secure SaaS services in government agencies and other organizations.
For details, please refer to the following link:

Digital Society Promotion Standard Guidelines Developing a document on security

Please refer to the Digital Society Promotion Standard Guidelines for the Digital Society Promotion Standard Guidelines "Security Documents"

March 31, 2023
The following technical reports were published: "Guidelines for Analyzing Security Risks in Government Information Systems," "Technical Report on Attribute-Based Access Control in Zero Trust Architecture Application Policies," "Technical Report on Introduction of Cybersecurity Framework in Government Information Systems," and "Technical Report on Cataloguing Security Controls."

June 30, 2022
The "Zero Trust Architecture Application Guidelines," "Continuous Risk Assessment and Response (CRSA) Architecture," "Security by Design Guidelines for Government Information Systems," and "Vulnerability Assessment Implementation Guidelines for Government Information Systems" were published.

Promoting the Implementation of a Continuous Diagnostic and Responsive Security Architecture

In fiscal 2022, we conducted a research project on the implementation of the Continuous Risk Diagnosis and Response (CRSA) system, and established a system to regularly collect and analyze data necessary for diagnosing cybersecurity risks for the infrastructure systems of the preceding ministries and agencies. In the future, based on the knowledge obtained from the research project, we will expand it widely within government organizations and make preparations to expand the scope of systems subject to diagnosis.
For details, please refer to the following link:

Building a Security Response System in Digital Agency

It is important to monitor systems developed and operated by Digital Agency in real time and, in the event of an information security incident, to promptly prevent the spread of damage and to have a resilient security response system. To this end, the necessary systems and rules will be reviewed in a timely and appropriate manner.
We are also looking for mid-career security professionals. For more information, please refer to the following link:

Related Materials

Related Measures

Meetings, etc.

Next Generation Security Architecture Study Group