Policy ProposalsIndustrial Technology

April 25, 2022

Cybersecurity Enhancement Working Group
Committee on Cyber Security
Keidanren

1. Relationships among Frameworks

We would suggest clarifying the relationship among NIST SP800 series publications in the cybersecurity framework (CSF) documents. For example, if companies also apply SP800-207 (Zero-Trust Architecture) when taking measures using the NIST CSF and SP800-171, it would be useful to have some indication of effects on the five core functions.

2. Relative Importance of the CSF Function Categories/Subcategories

Since recent updates to the NIST CSF have tended to emphasize the カジノシークレット仮想通貨入金出金uot;respondカジノシークレット仮想通貨入金出金uot; and カジノシークレット仮想通貨入金出金uot;recoverカジノシークレット仮想通貨入金出金uot; functions, we suggest a review of the relative importance of the function categories/subcategories.

3. Request for Future Framework Updates

Japan is looking ahead to a society where all people and things are connected via the Internet of Things, a concept we call カジノシークレット仮想通貨入金出金uot;Society 5.0.カジノシークレット仮想通貨入金出金uot; Many companies in Japan utilize the NIST CSF when implementing cybersecurity measures. As part of such measures, companies need to minimize shutdowns of system interoperability and thus minimize カジノシークレット仮想通貨入金出金uot;respondカジノシークレット仮想通貨入金出金uot; and カジノシークレット仮想通貨入金出金uot;recoverカジノシークレット仮想通貨入金出金uot; actions. When an incident occurs, business must be halted once the カジノシークレット仮想通貨入金出金uot;respondカジノシークレット仮想通貨入金出金uot; and カジノシークレット仮想通貨入金出金uot;recoverカジノシークレット仮想通貨入金出金uot; phases are reached.

To avoid reaching this point, it is important to introduce the Zero-Trust Architecture (ZTA) concepts of SP800-207, establish a new カジノシークレット仮想通貨入金出金uot;preventカジノシークレット仮想通貨入金出金uot; phase between the カジノシークレット仮想通貨入金出金uot;protectカジノシークレット仮想通貨入金出金uot; and カジノシークレット仮想通貨入金出金uot;detectカジノシークレット仮想通貨入金出金uot; phases, and take preventive measures before an incident forces business to halt.

In the カジノシークレット仮想通貨入金出金uot;preventカジノシークレット仮想通貨入金出金uot; phase, authenticity of all people (authentication), things (procurement, economic security), and processes related to the supply chain should always be confirmed on a zero-trust basis.