1. Home
  2. News Releases
  3. Back Issues
  4. January FY2020
  5. Study Group on Security Assessment of Cloud Services Compiles its Discussion Results into Report

Study Group on Security Assessment of Cloud Services Compiles its Discussion Results into Report

January 30, 2020

The Ministry of Economy, Trade and Industry (METI) and the Ministry of Internal Affairs and Communications (MIC) launched a Study Group on Security Assessment of Cloud Services to encourage both the public and private sectors to introduce cloud services into their systems in a more safe and secure manner and continue to use them. Since then, the study group has been holding discussions on necessary approaches to assessing cloud services to see if such services satisfy certain requirements for security in order to be introduced into the government. As an outcome of the discussions, it compiled the discussion results into a report, and, in parallel with this, the Cybersecurity Strategic Headquarters decided on [i] a basic framework of this assessment system (hereinafter referred to as the “system”), [ii] approaches to making use of the system in the respective governmental organizations and other entities, and [iii] the administrative jurisdiction and the operation structure concerning the system.

1. Background and purpose

In light of the Future Investment Strategy 2018, which was approved by the Cabinet on June 15, 2018, METI and MIC launched a Study Group on Security Assessment of Cloud Services in August 2018, and since then, the study group has been holding discussions on approaches to assessing the security of cloud services.

In its meetings, the study group brought together experts with rich knowledge on information security and data utilization and held discussions on necessary approaches to assessing cloud services to see if such services satisfy certain requirements for security in order to be introduced into the government, in parallel with referring to a variety of existing guidelines on cloud services, domestic and overseas certification systems, audit systems and other case examples.

Based on the results of the call for public comments on the draft interim report from December 12 (Thur.) to 26 (Thur.), 2019, the study group revised the draft report as necessary and compiled the discussion results into another report.

Moreover, at its meeting held on January 30, 2019, the Cybersecurity Strategic Headquarters decided on [i] a basic framework of the system, [ii] approaches to making use of the system in the respective governmental organizations and other entities, and [iii] the administrative jurisdiction and the operation structure concerning the system.

This report describes the specifics of the framework of the system. In addition, the ministries have been still discussing a variety of criteria for the system and will provide another occasion for calling for public comments on such criteria.

2. Related material

3. References

4. Related government decisions

Excerpts of the Future Investment Strategy 2018 (approved by the Cabinet on June 15, 2018)

II. Developing infrastructures toward economic structural innovations
[1] Developing common infrastructures in a data-driven society
1. Encouraging investment in infrastructure systems and technologies
(3) Specific measures that Japan should additionally take
(ii) Securing cybersecurity
(omitted)

Excerpts of the Growth Strategy Follow-ups (approved by the Cabinet on June 21, 2019)

I. Realizing Society 5.0
5. Smart public services
(2) Specific measures that Japan should additionally take
(ii) Promoting digital transformation (DX) in administrative organizations
B. Further utilizing advanced technologies in administrative organizations of the government

Excerpts of the Digital Government Action Plan (approved by the Cabinet on December 20, 2019)

3.3 Thorough utilization of cloud services in administrative organizations
(2) Security assessment of cloud services
In introducing cloud services into government organizations, it is necessary to procure such services with fully ensured measures for information security. Accordingly, Japan should introduce a framework for assessing cloud services taking advantage of criteria for assessing security as well as audit systems for assessing security which are utilized in introducing cloud services into the government. To this end, the Ministry of Internal Affairs and Communications and the Ministry of Economy, Trade and Industry have collaboratively inaugurated the Study Group on Security Assessment of Cloud Services and have been advancing discussions.

The Cabinet Secretariat, the Ministry of Internal Affairs and Communications and the Ministry of Economy, Trade and Industry will continue to advance discussions on the development of environments and other issues so that all government organizations are able to embark on using cloud services, by the end of FY2020, about which ensured security is assessed by taking advantage of the framework mentioned above.

Division in Charge

Related website