METI

Two Cybersecurity-related Standards Formulated: Information Security Service Standards and Standards for Examination-Registration Organizations for Information Security Services

The Ministry of Economy, Trade and Industry (METI) considers it important to foster environments in which everyone is able to make use of information security services in a secured manner. To achieve this goal, METI formulated two cybersecurity-related standards: Information Security Service Standards and Standards for Examination-Registration Organizations for Information Security Services. In addition, METI requested the Information-Technology Promotion Agency, Japan (IPA) to research the current situation of businesses providing information security services that meet the Information Security Service Standards and to announce the research results.

1. Background

In recent years, the number of cyber-attacks has been increasing and the methods of attack are becoming more and more sophisticated. To address this situation, users need to take secured approaches to cybersecurity measures by using not only conventional measures, e.g., purchasing cybersecurity products, but also information security services provided by businesses.

However, ordinary service users, not experts in this field, often face difficulties in determining the quality of information services provided by many information service providers when they try to choose an appropriate provider.

In this situation, Japan has been requested to provide a system in which a third party objectively determines whether or not such service providers strive to maintain the predetermined quality of their information security services, compiles the determination results into a registry or other means, and publicizes them so that service users are able to refer to them in procuring information security services.

To meet the demand, METI held meetings to study an examination-registration system of security services, examined opinions by experts and public comments, and finally formulated and publicized two cybersecurity-related standards: Information Security Service Standards and Standards for Examination-Registration Organizations for Information Security Services.

2. Outline of the standards

(1) Information Security Service Standards

The Information Security Service Standards target: information security inspection, vulnerability diagnosis, digital forensics, and security monitoring and operation services.

The standards stipulate a certain level of quality in the respective services: [ⅰ] technical requirements, e.g., qualification requirements and explicit indication of specifications, and [ⅱ] quality management requirements, e.g., allocation of quality managers to appropriate duties, development of quality management manuals, and the status of service providers' introduction of procedures for maintaining and improving quality.

(2) Standards for Examination-Registration Organizations for Information Security Services

Examination-registration organizations are bodies that examine applicants, i.e., private information service providers, as to whether or not the providers’ services comply with the Information Security Service Standards, and register appropriate providers. The Standards for Examination-Registration Organizations for Information Security Services stipulate rules that such organizations should observe, including fairness in examination and general rules for organization management and examination procedures.

3. IPA’s research on the compliance of information security services with the Information Security Service Standards, and its release of the research results

In line with the publication of the Information Security Service Standards, METI requested IPA to research the level of market dissemination of information security services that meet the standards and to publicize the research results so that people intending to use such services are able to refer to the results.

Release date

February 28, 2018

Division in Charge

Cybersecurity Division, Commerce and Information Policy Bureau
