gbrain: sync converted org-mode brain files

ideas/compliance/ismap.org

@@ -2,15 +2,15 @@
 :ID:       auto-ismap
 :CREATED:  [2026-05-23 Sat]
 :END:
-#+title: is moderate — few non-Japanese vendors target APPI specifically, and the 2022
+#+title: ISMAP (Government Security Framework — Japan)
 #+filetags: :passepartout:compliance:framework:ismap:
 
-is moderate — few non-Japanese vendors target APPI specifically, and the 2022
+is moderate — few non-Japanese vendors target [[file:appi.org][APPI]] specifically, and the 2022
 amendments added requirements that created compliance gaps.
 
 ** ISMAP (Government Information System Security Management and Assessment Program)
 
-Japan's government cloud security program — analogous to FedRAMP. Cloud services
+Japan's government cloud security program — analogous to [[file:fedramp.org][FedRAMP]]. Cloud services
 used by Japanese government agencies must be ISMAP-authorized. Managed by the
 Digital Agency and the Information-technology Promotion Agency (IPA).
 
@@ -18,7 +18,7 @@ Who must comply: Cloud service providers selling to Japanese national and local
 government agencies.
 
 Why it matters: Like FedRAMP, ISMAP is a procurement gate. Authorization is
-time-consuming and expensive. A compute marketplace provider with ISMAP
+time-consuming and expensive. A [[file:../compute-marketplace.org][compute marketplace]] provider with ISMAP
 authorization has exclusive access to the Japanese government market. First-mover
 advantage is significant — as of 2025, fewer than 100 services are ISMAP-registered.