Security & Trust Center

ISMAP

ISMAP (Information System Security Management and Assessment Program) is the Japanese government’s cloud security certification framework. It establishes a standardized set of security, risk management, and operational controls that cloud service providers must meet in order to be eligible to provide services to Japanese government agencies. Similar in spirit to FedRAMP in the U.S., ISMAP creates a vetted registry of approved cloud services that have undergone rigorous third-party assessment and government review. ISMAP builds trust in the security of cloud environments handling public-sector data, reduces duplicate security evaluations across agencies, and enables faster procurement and adoption of cloud services within Japan’s government ecosystem.