2011 4-1 -
2006/3/10 2006/4/21 2006/6/16 1. 9.3.5 2. ST ST 3. 2006/8/4 2007/11/9 ( ) 2008/9/8 ( ) 2011/4/21 1. 2. 3. - 2 -
1... 5 2... 5 2.1 NISD-K304-101... 5 2.2... 6 3... 6 4... 7 5... 7 5.1... 8 5.2... 11 6... 11 7... 11 7.1... 11 7.2... 12 7.3... 12 7.4... 13 7.5... 13 8... 14 8.1... 14 8.1.1... 14 8.1.2... 15 8.1.3... 16 8.1.4... 17 8.2... 17 9 NISD-K304-101 19 9.1... 19 9.2... 19 9.2.1... 20 9.2.2... 21 9.2.3... 23 9.2.4... 24 9.2.5... 25 9.2.6... 26 9.2.7-3 -
26 9.3... 28 9.3.1... 28 9.3.2... 38 9.3.3... 38 9.3.4... 39 9.3.5... 40 9.4... 41 9.4.1... 41 9.4.2... 42 9.4.3... 42 9.5... 43 9.6... 45 9.6.1 ST ST... 45 9.6.2 IT... 46-4 -
1 NISD-K304-101 2 2.1 NISD-K304-101 1.2.5.1 (1) - 5 -
1.2.5.1 (2) 1.2.5.1 (3) 1.2.5.1 (4) 1.2.5.1 (5) 1.2.5.1 (6) 1.5.1.1 (1) (d) IT (g) ST ST 1.5.2.3 (1) (a)( ) ST ST 2.2 2.1 NISD-K304-101 3-6 -
1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 (1) (2) (3) 5-7 -
5.1 (1) CIO2007 19 3 1 http://www.soumu.go.jp/main_sosiki/gyoukan/kanri/pdf/070301_1.pdf -2006 18 7 26 IT 18 8 31 CIO (2) 2011 4 (3) 19 8 http://www.meti.go.jp/policy/netsecurity/downloadfiles/070824benchmark.pdf IPA http://www.ipa.go.jp/security/benchmark/index.html IPA 17 3 http://www.meti.go.jp/policy/netsecurity/sec_gov-toppage.html http://www.meti.go.jp/policy/netsecurity/downloadfiles/sec_gov-report.pdf 19 8-8 -
(4) IT IPA http://www.ipa.go.jp/security/jisec/index.html IT ISO/IEC 15408 (Common Criteria) 2011 4 IT (5) 2011 4 3 IT (6) ST ST 2011 4 ST ST (7) 2011 3 SBD: Security By Design (8) http://www.meti.go.jp/policy/netsecurity/audit.htm - 9 -
2002 9 2003 3 Ver1.02003 3 26 2003 4 http://www.meti.go.jp/policy/netsecurity/is-kansa/index.html (9) SaaS SLA 2008 1 http://www.meti.go.jp/press/20080121004/03_guide_line_set.pdf SaaS ASP SaaS IPA SaaS (10) ASP SaaS 2008 1 http://www.soumu.go.jp/menu_news/s-news/2008/pdf/080130_3_bt3.pdf 2007 6 2008 1 ASP SaaS ASP SaaS ASP SaaS (11) 2010 8 http://www.meti.go.jp/press/20100816001/20100816001.html 2010 7 2010 8 (12) 2011 4 http://www.meti.go.jp/policy/netsecurity/docs.html - 10 -
ISO/IEC27002:2005 ISO/IEC27002:2005 5.2 (1) JIPDEC http://www.isms.jipdec.jp/isms.html JIS Q 27001:2006 JIS Q 27002:2006 6 7 7.1 (1) 2.1 NISD-K304-101 (2) - 11 -
7.2 (1) (2) 2.1 NISD-K304-101 7.3 (1) (2) (3) (4) (5) (6) - 12 -
7.4 (1) 9.1 (2) 9.2 (3) 9.3 (4) 9.4 (5) 9.5 7.5-13 -
(1) (2) 8 8.1 1 8.1.1 9.3.1 (1) 1 NISD-K304-101C 1.2.5.1-14 -
(2) (9) (2) (3) (4) (5) (6) (7) (1) (6) (8) (1) (6) (9) 8.1.2-15 -
ASP 8.1.1 (1) (2)(4) (9) (3) (3) 9.3.1 8.1.3 9.3.1 (1) (2) (5) (2) (3) - 16 -
(4) (1) (3) (5) 8.1.4 8.2 2 2 3 1)SaaS Web 2)PaaS 3)IaaS - 17 -
9 NISD-K304-101 9.1 1.2.5.1 (1) (a) (1) (2) (3) (1)(2) 9.2-19 -
9.2.1 1.2.5.1 (1) (b) (1) 8 9.2.2 (2) 9.2.3 9.2.6-20 -
9.2.2 1.2.5.1 (1) (c) (1) JIPDEC ISMS http://www.isms.jipdec.jp/isms.html (2) 25 15 19 8 http://www.meti.go.jp/policy/netsecurity/sec_gov-toppage.html http://www.meti.go.jp/policy/netsecurity/downloadfiles/070824benchmark.pdf IPA http://www.ipa.go.jp/security/benchmark/index.html - 21 -
JIPDEC ISMS JIS Q 27001:2006 ISO/IEC 27001:2005 JIS Q 27002:2006 ISO/IEC 17799:2005 1 1 3 JIS Q 27001:2006 A 25 (3) - 22 -
ISO/IEC 17799:2000 (JIS X 5080:2002) http://www.meti.go.jp/policy/netsecurity/audit.htm http://www.meti.go.jp/policy/netsecurity/is-kansa/index.html JASA http://www.jasa.jp/index.html 9.2.3 1.2.5.1 (2) (a) 9.3.1-23 -
ASP (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) 9.2.2 9.2.4-24 -
1.2.5.1 (2) (b) 2 (1) (2) 9.2.5-25 -
1.2.5.1 (2) (c) 9.2.3 (1) (7) 9.2.6 1.2.5.1 (3) (a) (1)(b) 9.2.7 1.2.5.1 (3) (b) - 26 -
(1)(c) (1) 9.2.3 (1) (2) (7) (3) JIPDEC ISMS 2007 11 1 ISMS JIPDEC (2) - 27 -
25 5 2007 11 2 (3) 2007 11 3 9.3 9.3.1 1.2.5.1 (4) (a) - 28 -
ASP (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13) (1) (2) (13) - 30 -
(2) (3) - 31 -
2007 11 ST Security Target ST ST 9.6.1 ST ST ST ST ST ST 2007 11 (4) (5) - 32 -
3 (6) (7) 3 JPCERT - 33 -
(8) (9) (1) (8) - 34 -
捗 4 4-35 -
9.5 (10) (1) (8) http://www.meti.go.jp/policy/netsecurity/audit.htm http://www.jasa.jp/index.html 2007 11 3 (11) (9) (10) - 36 -
(12) 9.3.2 (13) 9.3.5 (14) - 37 -
9.3.2 1.2.5.1 (4) (b) (1) (2) (3) 9.3.3-38 -
1.2.5.1 (4) (c) 6.1.2 (3) (a) (1) (2) (3) 9.3.4 1.2.5.1 (4) (d) 5-39 -
9.3.5 1.2.5.1 (4) (e) (1) (2) 5-40 -
9.4 9.4.1 1.2.5.1 (5) (a) 3.2.5-41 -
6.1.2 (5)(a) 9.4.2 1.2.5.1 (5) (b) 9.3.1 (8) 9.4.3 1.2.5.1 (5) (c) 9.3.1 (9) (1) (8) (10) (11) - 42 -
9.5 1.2.5.1 (6) (a) 9.3.1 9.3.2 (1) - 43 -
(2) (3) - 44 -
9.6 9.6.1 ST ST ST ST 1.5.1.1 (1) (g) ST Security Target ST ST 1.5.2.3 (1) (a) ( ) ST Security Target ST ST ST ST ISO/IEC 15408 ST ST ST ST ST ST (1) ST ST - 45 -
(2) ST ST (3) ST ST (4) ST ST ST ST ST ST ST ST ST ST ST 2007 11 9.6.2 IT IT 1.5.1.1 (1) (d) IT ISO/IEC 15408 IT (1) - 46 -
IT (2) IT (3) IT IT 2007 11 2011 4-47 -