Standard Guidelines for the Promotion of a Digital

Last Updated:: Sep 5, 2025

In order to realize a digital society, it is important for related parties to work together under "common rules" and create value.
The Digital Society Promotion Standard Guidelines are a collection of common rules and reference documents related to various technical standards and procedures and procedures for service and business reforms and the development and management of government information systems associated with these reforms.

There are two types of positioning for each document:

Normative guidelines: Documents that specify the content to be observed as rules for the development and management of government information systems.
Practical guidebook (Informative): Documents for reference

Until now, various guidelines had been formulated under the name of the "Digital Government Promotion Standard Guidelines Group." However, from the perspective of Digital Agency promoting digitalisation not only within the government but also throughout society, the name of the document system has been changed to the "Digital Society Promotion Standard Guidelines Group."
In addition, the name "Digital Government" continues to be used mainly for documents that define internal government procedures and processes.

General documentation of government information systems

DS-100 Digital Government Promotion Standard Guideline

Articles (PDF/2,194 kb) (updated June 19, 2025)
Consolidated Version (PDF/Word file) (ZIP / 2,756 kb) (updated June 19, 2025)

Last Updated: May 27, 2025
Document Positioning: Normative
Overview: Systematic common government rules that stipulate basic policies and matters related to the procedures and procedures for service and business reforms and the development and management of government information systems associated with these reforms, as well as the roles of each organization within the government

DS-110 Digital Government Promotion Standard Guideline Manual

Articles (PDF/8,444 kb) (updated June 19, 2025)
Consolidated Version (PDF/Word file) (ZIP / 10,927 kb) (updated June 19, 2025)

Last Updated: May 27, 2025
Positioning Documentation - Informative
Summary: As a sub-document of the standard guideline, it is a reference document that contains an article by article explanation to make it easier to understand the purpose and purpose of the description in the standard guideline.

DS-120 Digital Government Promotion Standard Guideline Practice Guidebook

Articles (PDF/24,110 kb) (updated June 19, 2025)
Consolidated Version (PDF/Word file) (ZIP / 39,902 kb) (updated June 19, 2025)

Last Updated: May 27, 2025
Positioning Documentation - Informative
Summary: A practical reference document incorporating the know-how and lessons learned thus far as a sub-document of the standard guideline, the standard guideline annex, and the standard guideline reference.

Templates (PDF/Word / Excel / Powerpoint / Text Files) (ZIP / 6,227 kb) (updated June 19, 2025)
(The zip file above also contains the following)

Chapter 6. Procurement Specification Standard Template
Chapter 5 Requirements Definition Document Standard Template

DS 121 Practical Guide to Agile Development

Articles (PDF/985KB)
Consolidated Version (PDF/Word file) (ZIP / 1,087 kb)

Last Revised: March 30, 2021
Positioning Documentation - Informative
Overview: A document that summarizes the basic knowledge needed to understand agile development, which should be an alternative to traditional development styles for government information system development.

Glossary of DS 130 Standard Guidelines

Articles (PDF/404KB) (updated June 19, 2025)
Consolidated Version (PDF/Word file) (ZIP / 415 kb) (updated June 19, 2025)

Last Updated: May 27, 2025
Positioning Documentation - Informative
Introduction: Glossary of Standard Guidelines

References

Set of Procedure Manuals for Process Review (ZIP / 397 kb) (updated on April 3, 2023)
Please use them as reference materials for the process review.

(Reference) Standard Guidelines Training Materials (PDF / 11,657 kb)
Materials prepared for employees and other related parties to deepen their understanding of the DS-100, DS-110, and DS-120.

Security Documentation

DS-200 Security by Design Guidelines for Government Information Systems

Articles (PDF/1,376 kb)
Consolidated Version (PDF/Word file) (ZIP / 1,806 kb)

Last Revised: January 31, 2024
Positioning Documentation - Informative
Summary: In order to efficiently ensure security for information systems, it is necessary to implement consistent security measures (Security by Design) from planning to operation of information systems. This document describes the security implementation contents and requirements at each process and defines the roles of related parties in order to take a panoramic view of security measures in the system life cycle.

Reference Material _ Cloud Service ISMAP Control Standard (PDF / 235 kb)

* "Reference Material _ Standard for Cloud Service ISMAP Management Measures" can be viewed only if the following two JIS standards have been purchased.
JIS Q 27014:2015 (ISO/IEC 27014:2013)
JIS Q 27017:2016 (ISO/IEC 27017:2015)

DS-201 Security Risk Analysis Guidelines in Government Information Systems ~ A Combined Baseline and Business Damage Approach ~

Articles (PDF/2,200 kb)
Consolidated Version (PDF/Word/Excel files) (ZIP / 3,688 kb)

Last Revised: March 31, 2023
Positioning Documentation - Informative
Summary: To ensure the security of information systems, it is essential to be aware of risks and reliably manage them. There are various methods for security risk analysis. This document introduces a procedure for risk analysis that combines a baseline and business damage. The purpose is to improve the balance between work efficiency and analysis accuracy.
This document is a demonstration of the procedures for security risk analysis in DS-200, Security by Design Guidelines for Government Information Systems.

Technical Report on Security Considerations in the DS-202 CI/CD Pipeline

Articles (PDF/980KB)
Consolidated Version (PDF/Word/Excel files) (ZIP / 1,533 kb)

Last Updated: March 29, 2024
Positioning Documentation - Informative
Abstract: In modern applications built on top of modern technologies, CI / CD pipelines are essential information system components for optimizing development processes and security measures. Attackers have begun to target them because of their value. This document describes CI / CD pipelines from a security perspective and provides guidance on points to consider for protection.
Attachment. Example of Infrastructure as Code Implementation by CI-CD Pipeline (PDF / 4,825 kb) (posted June 30, 2025)

DS-203 cybersecurity Supply Chain Risk in Government Information Systems: A Compilation of Good Practices

Articles (PDF/548KB)
Consolidated Version (PDF/Word file) (ZIP / 662 kb)

Last Updated: June 30, 2025
Positioning Documentation - Informative
Summary: In preparation for large-scale attacks and accidents caused by supply chain risks in government information systems, this document summarizes issues and presents good practices for risk management and countermeasures that take into account not only the organization or system itself but also the entire supply chain.

DS-210 Zero Trust Architecture Application Policies

Articles (PDF/774KB)
Consolidated Version (PDF/Word file) (ZIP / 981 kb)

Last Updated: June 30, 2022
Positioning Documentation - Informative
Overview: With the expansion of the use of cloud services and changes in the business environment in remote work and other areas, it is becoming difficult for the traditional boundary-type security model alone to completely prevent and protect against the sophisticated cyberattacks of recent years, and the application of zero trust thinking is required. This document explains the basic policies for applying zero trust and Architecture and describes the points to be noted at the time of introduction.

DS-211 Enterprise Architecture (EA) of Continuous Risk Assessment and Response (CRSA)

Articles (PDF/751KB)
Consolidated Version (PDF/Word file) (ZIP / 1,067 kb)

Last Revised: January 31, 2024
Positioning Documentation - Informative
Summary: In order to provide stable and secure services in the Zero Trust Architecture context, it is necessary to detect and reduce cybersecurity risks across the government at an early stage. This paper describes the Architecture of a platform for collecting and analyzing information to carry out this activity on an ongoing basis.

DS-212 Technical Report on Attribute-Based Access Control in Zero Trust Architecture Applied Policies

Articles (PDF/799KB)
Consolidated Version (PDF/Word file) (ZIP / 723 kb)

Last Revised: March 31, 2023
Positioning Documentation - Informative
Overview: According to the cloud-by-default principles, many tasks in future government information systems will be processed through cloud services. In order to maintain and improve the robustness of the traditional business processing environment, it is important to incorporate the idea of "zero trust cybersecurity", which adapts Architecture to new environments. The core of zero trust Architecture is to control the access between each resource required for the business process from various information. This document describes the over-view technical contents of attribute-based access control, which is one of the access control models, and utilizes information such as attributes assigned to resources and environment.

ABAC Implementation Example -Amazon Web Services (PDF / 537 kb)
ABAC Implementation Example -Microsoft Azure Active Directory (PDF / 973 kb)

DS-220 Technical Report on the Implementation of a Cybersecurity Framework in Government Information Systems

Articles (PDF/1,016 kb)
Consolidated Version (PDF/Word file) (ZIP / 1,225 kb)

Last Revised: March 31, 2023
Positioning Documentation - Informative
Overview: The increasing sophistication and complexity of cyberattacks requires strengthening cyber resiliency. Given the intrusion of threats, there is an increasing emphasis on enhancing information security confidentiality, integrity, and availability-by recognizing detection, response, and recovery in addition to identification and defense. Under these circumstances, the NIST Cybersecurity Framework has attracted worldwide attention.
The purpose of this technical report is to explain the cybersecurity framework and show the key points for introducing it into government information systems.

DS-221 Guidelines for Implementation of Vulnerability Diagnosis in Government Information Systems

Articles (PDF/1,148 kb)
Consolidated Version (PDF/Word file) (ZIP / 1,360 kb)

Last Updated: February 6, 2024
Positioning Documentation - Informative
Overview: In order to ensure cyber resilience in government information systems, it is important to conduct vulnerability assessments. This document describes the criteria and guidelines for introducing vulnerabilities so that the most appropriate vulnerability assessments can be selected and procured.

DS-231 Security Controls Cataloging Technical Report

Articles (PDF/599KB)
Consolidated Version (PDF/Word file) (ZIP / 769 kb)

Last Revised: March 31, 2023
Positioning Documentation - Informative
Description: Cataloguing security controls means assigning unique identifiers to independent security controls and categorizing them in a machine-readable format.
This will improve the efficiency, timeliness, accuracy and consistency of system security assessments by facilitating, for example, traceability between control element controls and automation of system configuration. This document provides an overview of cataloging security controls.
The OSCAL (Open Security Controls Assessment Language) described in this document is an effort to create a catalog of security controls. The OSCAL was developed by the NIST to express security controls in a machine-readable language. It can be described in three formats: XML, JSON, and YAML.
Example: OSCAL format description example "Guidelines for Establishing Standards for Measures for Government Organizations, etc. (July 4, 2023 version)" (ZIP / 298 kb) (published on September 20, 2024)
Using OSCAL , the "Uniform Standards for cybersecurity Measures for Government Organizations, etc." of and the "Guidelines for the Establishment of Standards for Measures for Government Organizations, etc. (FY 2023 Version) (PDF)" of of described in XML, JSON and YAML format are posted. & nbsp;
When each government agency specifies security management measures based on a group of unified standards for cybersecurity measures of government agencies, etc., more specific standards will be described. Therefore, structuring the security management measures of each government agency using expressions that take OSCAL into consideration will contribute to the automation and mechanization of their formulation, which can be expected to improve the efficiency of information sharing. In addition, it is expected to improve the quality of security control evaluations and to reduce the labor involved in them.

Cloud Documentation

DS-310 Basic Policy on the Appropriate Use of Cloud Services in Government Information Systems

Articles (PDF/800KB) (updated June 19, 2025)
Consolidated Version (PDF/Word file) (ZIP / 1,103 kb) (updated June 19, 2025)

Last Updated: May 27, 2025
Document Positioning: Normative
Overview: Regarding the system methods of government information systems, an appendix to the standard guidelines shows how to use the cloud appropriately (smartly) instead of simply using the cloud, while setting the adoption of cloud services as the default (first choice).

Data Federation Documentation

DS-400 Government Interoperability Framework (GIF)

GitHub (External Site)

It was released on GitHub (external site) on October 13, 2022.

Document (updated September 5, 2025)

Zip Download

If you can't use GitHub, please get it from the integrated version.

Consolidated Version (PDF/Word/Excel files) (ZIP / 34,366 kb) (updated September 5, 2025)
Last Updated: September 3, 2025
Positioning Documentation - Informative
Overview: The Government Interoperability Framework (Government Interoperability Framework) (GIF) will be provided as a practical guidebook for realizing a society in which data utilization and collaboration can be performed smoothly. By using this framework to organize data, it is possible to design data that is highly extensible and easy to collaborate.

Trust Documentation

DS-500 Guidelines for Online identity verification Methods in Administrative Procedures

Articles (PDF/1,506 kb)
Consolidated Version (PDF/Word file) (ZIP / 1,996 kb)

Last Updated: February 25, 2019
Document Positioning: Normative
Summary: Annex to the standard guideline showing the online digitalisation method necessary for identity verification of various administrative procedures.

Reference Materials _ Interim Report for Revision (Fiscal Year 2022 (FY 2022)) (PDF / 3,580 kb) (posted June 29, 2023)
Reference Materials _ Interim Report for Revision (Fiscal Year 2023 [FY 2023]) (PDF / 2,123 kb) (updated on July 23, 2024)
Reference Materials _ Summary for Revision (Fiscal Year 2024 (FY 2024)) (PDF / 1,152 kb) (posted April 1, 2025)
Reference Material - "Guidelines for Online identity verification Methods in Administrative Procedures" Q & amp; A (PDF / 387 kb) (posted June 17, 2024)

DS-531 Basic Approach to digitalisation of Disposal Notices, etc.

Articles (PDF/310KB)
Consolidated Version (PDF/Word file) (ZIP / 373 kb)

Last Revised: March 31, 2023
Positioning Documentation - Informative
Overview: With the aim of improving the convenience of individuals and corporations, etc. and the efficiency of administrative operations, in order to promote the digitalisation of disposition notices, etc. in the short term, common ideas and methods of responding to issues, etc. will be provided so that they can be used as a reference in practice.

Reference Material - "Basic Approach to digitalisation of Disposal Notice, etc." Q & amp; A (PDF / 169 kb)
Reference Material -- Flowchart for Examining Examples of Short-term Methods for digitalisation of Disposition Notices, etc.
PDF(189KB)/Excel(21KB)