:PROPERTIES:
:ID:       auto-ismap
:CREATED:  [2026-05-23 Sat]
:END:
#+title: is moderate — few non-Japanese vendors target APPI specifically, and the 2022
#+filetags: :passepartout:compliance:framework:ismap:

is moderate — few non-Japanese vendors target APPI specifically, and the 2022
amendments added requirements that created compliance gaps.

** ISMAP (Government Information System Security Management and Assessment Program)

Japan's government cloud security program — analogous to FedRAMP. Cloud services
used by Japanese government agencies must be ISMAP-authorized. Managed by the
Digital Agency and the Information-technology Promotion Agency (IPA).

Who must comply: Cloud service providers selling to Japanese national and local
government agencies.

Why it matters: Like FedRAMP, ISMAP is a procurement gate. Authorization is
time-consuming and expensive. A compute marketplace provider with ISMAP
authorization has exclusive access to the Japanese government market. First-mover
advantage is significant — as of 2025, fewer than 100 services are ISMAP-registered.