10 2
CUI 2010 11 9 13556 Classified CUI Controlled Unclassified Information CUI NARA CUI CUI CUI CUI NARA *1 3
72 NIST SP800-171 System Security Plan, SSP Plan of Action and Milestones, POA&M NIST National Institute of Standards and Technology, NIST SP800-53 2015 6 CUI SP800-53 SP800-171 2016 5 14 CUI NIST SP800-171 FAR 52.204-21 9 14 CUI SP800-171 CUI 32 CFR 2002.14 2016 10 NIST SP800-171 CUI DFARS 252.204-7012 2017 12 31 NIST SP800-171 2,500 AIAG: Automotive Industry Action Group 2018 5 2 NIST SP800-171 NERC: North American Electric Reliability Corporation NIST SP800-171 CUI 2010 11 9 (Executive Order)13556 180 CUI CUI 2015 6 CUI NIST SP800-171 2016 5 14 (FAR)52204-21 2016 9 14 32 (CFR)2002.14 2016 10 DFARS 252.204-7012 CUI 2017 12 31 NIST SP800-171 4
NIST SP800-171 5 NIST NIST CSF (Cybersecurity Framework) 5 *2 NIST National Cybersecurity Center of Excellence 5 5
IoT ICT 6
Society5.0 CUI CUI CUI 2020 3 *3 NIST http://www.meti.go.jp/committee/kenkyukai/shoujo/sangyo_cyber/wg_1/pdf/001_04_00.pdf *3 7
Cloud Service Provider: CSP FedRAMP: Federal Risk and Authorization Management Program FedRAMP FedRAMP Concept of Operations http://www.gsa.gov/portal/getmediadata?mediaid=154239 FedRAMP HP FedRAMP MARKET PLACE https://marketplace.fedramp.gov/#/products?status=compliant&sort=productname 8
DoD IG: DoD Inspector GeneralLogical and Physical Access Controls at Missile Defense Agency Contractor Locations 2017 3 12 BMDS UCTI DFARS NIST SP800-171 MDA 7 NIST SP800-171 DoD IG 7 SP800-171/53 (SP800-171/53 ) 5/7 4/7 7/7 1/7 1/7 5/7 7 5/7 5/7 4/7 DoD IG[Logical and Physical Access Controls at Missile Defense Agency Contractor Locations] https://media.defense.gov/2018/apr/02/2001898150/-1/-1/1/dodig-2018-094.pdf 9
NIST SP800-171 SP800-53 NIST CSF NIST CSP NIST SP800-171 10
CUI CUI IoT CUI DHS NARA National Archives https://www.archives.gov/cui/registry/category-list 11
ISO27001 NIST 70% SP800-171 70% 77 3.1 3.4 3.5 3.7 3.10 3.13 3.14 33 3.2 3.3 3.6 3.8 3.9 3.11 3.12 12
NIST SP800-171 9 1 9 NIST SP800-171 "SP800-171" 1 CUI CUI CUI CUI CUI 2 CUI 1 CUI CUI CUI CUI ISO27001 ISMS 3 CUI NIST 4 SP800-171 CUI SP800-171 SP800-171 SP800-171 5 SP800-171 SP800-171 13
SP800-171 171 Go/NoGo 6 SP800-171 7 SP800-171 SP800-171 National Vulnerability Database, NVD 8 SP800-171 SP800-171 NIST SSP System Security Plan 9 SP800-171 SP800-171 SP800-171 SP800-171 SP800-171 NIST SP800-171 1 CUI CUI CUI CUI 2 CUI CUI CUI 3 CUI NIST NIST CSF NIST 4 SP800-171 CUI 171 SP800-171 5 SP800-171 SP800-171 6 SP800-171 () SP800-171 SP800-171 7 SP800-171 SP 800-171 8 SP800-171 SP 800-171 171 SSP SP800-171 9 SP800-171 SP800-171 14
2016 11 35 2016 10 FedRAMP NIST SP800 S/W H/W 2017 6 S/W H/W 15
E-mail : Deloitte_Japan_A_D@tohmatsu.co.jp www.deloitte.com/jp/dtc/ DT 40 11,000 Web www.deloitte.com/jp Deloitte 150 Fortune Global 500 8 Making an impact that matters 245,000 Facebook LinkedIn Twitter Deloitte DTTL DTTL DTTL Deloitte Global Deloitte www.deloitte.com/jp/about Member of Deloitte Touche Tohmatsu Limited 2018. For information, contact Deloitte Tohmatsu Consulting LLC. 16