:PROPERTIES:
:ID:       085b76cc-4a65-4660-9c70-85aee10ca99e
:ID:       auto-ismap
:CREATED:  [2026-05-23 Sat]
:END:
#+title: ISMAP (Government Security Framework — Japan)
#+filetags: :passepartout:compliance:framework:ismap:

is moderate — few non-Japanese vendors target [[id:b852ec69-0fc2-435c-ae1e-6b83e49b3ca3][APPI]] specifically, and the 2022
amendments added requirements that created compliance gaps.

** ISMAP (Government Information System Security Management and Assessment Program)

Japan's government cloud security program — analogous to [[id:e6993701-3c67-49bf-82f3-06907572cbf3][FedRAMP]]. Cloud services
used by Japanese government agencies must be ISMAP-authorized. Managed by the
Digital Agency and the Information-technology Promotion Agency (IPA).

Who must comply: Cloud service providers selling to Japanese national and local
government agencies.

Why it matters: Like FedRAMP, ISMAP is a procurement gate. Authorization is
time-consuming and expensive. A [[id:3c6b0449-a8fb-5b89-b82a-34efb21ef5b5][compute marketplace]] provider with ISMAP
authorization has exclusive access to the Japanese government market. First-mover
advantage is significant — as of 2025, fewer than 100 services are ISMAP-registered.