Information System Security Management and Assessment Program

ISMAP stands for “Information System Security Management and Assessment Program”. ISMAP is a Japanese government security assessment system which aims to ensure an appropriate security level in government cloud service procurement by proactively evaluating and registering cloud services that meet government security requirements. This is expected to help contribute to the smooth introduction of cloud services in Japan’s public sector.

Cloud service providers who provide their services to central and local government can be assessed and certified by ISMAP. However, it is expected that the scope of coverage expanded and the system will be used by the private sector for critical economic security equipment, etc. related to critical infrastructure.

Yes, AWS is ISMAP certified. The details are available on the ISMAP Official Portal Site.

The entirety of Amazon Web Services is covered. However, for details on the target regions and services recently evaluated, please see the ISMAP portal site web page of ISMAP of the Independent Administrative Institution Information Processing Promotion Organization. Additionally, you can view a list of ISMAP compliant services that have been evaluated by ISMAP accredited evaluation bodies on  AWS Services in Scope by Compliance Program.

ISMAP provides a unified security requirement standard for assessing cloud service providers. When purchasing cloud services, it was previously necessary for central and local government agencies to individually perform due-diligence on the security measures implemented by the CSPs. With the introduction of the ISMAP program, central and local government agencies will be able to procure cloud services registered under this program, more quickly due to the elimination of the need to perform individual due-diligence.

AWS will make available necessary information and procedures to support customers in implementing security for their functions to meet ISMAP standard requirements for their ISMAP certification.