0a8e77e949
- Moved everything from ideas/passepartout/ to projects/passepartout/ - Moved legal structures to projects/flags/ - Created missing _index.org files for all subdirectories - Stripped redundant passepartout- prefix from filenames - Rewrote root _index.org as generalized brain index (projects + concepts) - Updated Hugo nav to Projects/Concepts - Updated build script section descriptions - Deleted stale ideas/passepartout-economics.md orphan
26 lines
1.2 KiB
Org Mode
26 lines
1.2 KiB
Org Mode
:PROPERTIES:
|
|
:ID: 085b76cc-4a65-4660-9c70-85aee10ca99e
|
|
:ID: auto-ismap
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title: ISMAP (Government Security Framework — Japan)
|
|
#+filetags: :passepartout:compliance:framework:ismap:
|
|
|
|
is moderate — few non-Japanese vendors target [[id:b852ec69-0fc2-435c-ae1e-6b83e49b3ca3][APPI]] specifically, and the 2022
|
|
amendments added requirements that created compliance gaps.
|
|
|
|
** ISMAP (Government Information System Security Management and Assessment Program)
|
|
|
|
Japan's government cloud security program — analogous to [[id:e6993701-3c67-49bf-82f3-06907572cbf3][FedRAMP]]. Cloud services
|
|
used by Japanese government agencies must be ISMAP-authorized. Managed by the
|
|
Digital Agency and the Information-technology Promotion Agency (IPA).
|
|
|
|
Who must comply: Cloud service providers selling to Japanese national and local
|
|
government agencies.
|
|
|
|
Why it matters: Like FedRAMP, ISMAP is a procurement gate. Authorization is
|
|
time-consuming and expensive. A [[id:3c6b0449-a8fb-5b89-b82a-34efb21ef5b5][compute marketplace]] provider with ISMAP
|
|
authorization has exclusive access to the Japanese government market. First-mover
|
|
advantage is significant — as of 2025, fewer than 100 services are ISMAP-registered.
|
|
|