Note: This document is a tentative translation of “Common Model of Information Security
Measures for Government Agencies and Related Agencies” for purpose of reference and its
accuracy is not guaranteed. Any entity does not accept responsibility for any disadvantage
derived from the information described in the document.
Common Model of Information Security Measures for Government Agencies and Related
Agencies
31st August, 2016
Revised 25th July, 2018
Cybersecurity Strategic HQ Decision
Chapter 1.
Chapter 2.
Purpose and Application Target (Articles 1 to 2)
Basic Policy of Information Security Measures for Government Agencies and
Related Agencies (Articles 3 to 4)
Chapter 3.
Basic Measures of Information Security Measures for Government Agencies and
Related Agencies (Articles 5 to 23)
Supplementary provisions
Chapter 1.
Purpose and Application Target
(Purpose)
Article 1. The purpose of this model is to provide a common framework of measures that Agencies
shall take as policy standards on the cybersecurity of national administrative organs,
Incorporated Administrative Agencies, and Designated Corporations (hereinafter referred to
as the “Agencies”) stipulated by Item (2), Paragraph 1, Article 25 of the Basic Act on
Cybersecurity (Act No. 104 of 2014; hereinafter referred to as the “Act”) and to strengthen
and enhance information security measures including cybersecurity measures of Agencies as
a whole by making each Agency work for measures under its own responsibility.
(Application Target)
Article 2. The organizations that are the application target of this model shall include those listed
in the following items.
(a) National administrative organs: Agencies of the Cabinet based on rule of law or relevant