gbrain: sync converted org-mode brain files

ideas/compliance/ismap.org

@@ -0,0 +1,24 @@
+:PROPERTIES:
+:ID:       auto-ismap
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: is moderate — few non-Japanese vendors target APPI specifically, and the 2022
+#+filetags: :passepartout:compliance:framework:ismap:
+
+is moderate — few non-Japanese vendors target APPI specifically, and the 2022
+amendments added requirements that created compliance gaps.
+
+** ISMAP (Government Information System Security Management and Assessment Program)
+
+Japan's government cloud security program — analogous to FedRAMP. Cloud services
+used by Japanese government agencies must be ISMAP-authorized. Managed by the
+Digital Agency and the Information-technology Promotion Agency (IPA).
+
+Who must comply: Cloud service providers selling to Japanese national and local
+government agencies.
+
+Why it matters: Like FedRAMP, ISMAP is a procurement gate. Authorization is
+time-consuming and expensive. A compute marketplace provider with ISMAP
+authorization has exclusive access to the Japanese government market. First-mover
+advantage is significant — as of 2025, fewer than 100 services are ISMAP-registered.
+