The Japanese government has a current framework for the Security Evaluation System for Government Information Systems (ISMAP), required for all cloud services providing services to government information systems. While reviewing the requirements for systems handling confidentiality level 2 information under IaaS, PaaS, and SaaS setups, the MIC noted that SaaS requirements may be overly onerous, and excessive security requirements may be imposed.
The ISMAP-Low Impact Use (ISMAP-LIU) mechanism is therefore proposed, with registration, security evaluation, audit procedures and management standards, as well as impact assessment guidelines for establishing the thresholds for low-impact usage.
Comments are open until 5 July 2022, click here.
If you would like to know more about this regulation, or would like to commission a draft response to this call for comments, please contact May-Ann [email protected].