AWS Cloud Security

Information System Security Management and Assessment Program

(ISMAP)

Overview

Information System Security Management and Assessment Program (ISMAP) is a Japanese government program for assessing the security of public cloud services. The aim of ISMAP is to enable a common set of security standards for the Cloud Service Provider (CSP) to comply as baseline requirements for government procurement. ISMAP introduces security requirements for the cloud domains, practices, and procedures that cloud service providers must implement. Cloud service providers must engage with a ISMAP approved assessor to assess compliance with the ISMAP security requirements in order to apply as a ISMAP registered provider. The ISMAP program will evaluate the security of cloud service provider, and register those who satisfy the Japanese government’s security requirements. Upon successful ISMAP registration as a registered providers, government procurement departments can accelerate their engagement with the registered providers.

AWS enables service providers and customers on AWS to create ISMAP-compliant environment.

Page topics

FAQs
6

FAQs

Open all

What is ISMAP?

ISMAP stands for “Information System Security Management and Assessment Program”. ISMAP is a Japanese government security assessment system which aims to ensure an appropriate security level in government cloud service procurement by proactively evaluating and registering cloud services that meet government security requirements. This is expected to help contribute to the smooth introduction of cloud services in Japan’s public sector.

Who can be ISMAP certified?

Cloud service providers who provide their services to central and local government can be assessed and certified by ISMAP. However, it is expected that the scope of coverage expanded and the system will be used by the private sector for critical economic security equipment, etc. related to critical infrastructure.

Is AWS ISMAP certified?

Yes, AWS is ISMAP certified. The details are available on the ISMAP Official Portal Site.

Which AWS services and regions are in-scope of ISMAP?

The entirety of Amazon Web Services is covered. However, for details on the target regions and services recently evaluated, please see the ISMAP portal site web page of ISMAP of the Independent Administrative Institution Information Processing Promotion Organization. Additionally, you can view a list of ISMAP compliant services that have been evaluated by ISMAP accredited evaluation bodies on AWS Services in Scope by Compliance Program.

Why is ISMAP being implemented?

ISMAP provides a unified security requirement standard for assessing cloud service providers. When purchasing cloud services, it was previously necessary for central and local government agencies to individually perform due-diligence on the security measures implemented by the CSPs. With the introduction of the ISMAP program, central and local government agencies will be able to procure cloud services registered under this program, more quickly due to the elimination of the need to perform individual due-diligence.

Does AWS provide solutions to help with ISMAP certification?

AWS will make available necessary information and procedures to support customers in implementing security for their functions to meet ISMAP standard requirements for their ISMAP certification.

ISMAP Resources

Compliance

ISMAP Overview

Learn more