7 1*FþGGGMG GVGwG2G Fø FçFöFþGCG2G^G … ( \FÜ5 0iFéG CUIFþ 1¤ 2010 º11 v9 ¥F¸G8G^Gl ;...
Transcript of 7 1*FþGGGMG GVGwG2G Fø FçFöFþGCG2G^G … ( \FÜ5 0iFéG CUIFþ 1¤ 2010 º11 v9 ¥F¸G8G^Gl ;...
3
CUI
2010 11 913556
ClassifiedCUI Controlled Unclassified
InformationCUI
NARA CUICUI CUI
CUI
NARA
*1
4
NIST
National Institute of Standards and Technology, NIST
SP800-53 20156 CUI
SP800-53 SP800-171 2016 5 14
CUINIST SP800-171
FAR 52.204-21 914 CUI
SP800-171CUI
32 CFR 2002.14 2016 10
NIST SP800-171CUI
DFARS 252.204-70122017 12 31
72
NIST SP800-171System Security Plan, SSP Plan
of Action and Milestones, POA&M
NIST SP800-171
2,500AIAG: Automotive Industry Action
Group 2018 5 2NIST SP800-171
NERC: North American Electric Reliability Corporation NIST
CUI 2010 11 9 (Executive Order)13556
180 CUI
CUI 2015 6 CUI NIST SP800-171
2016 5 14 (FAR)52204-21
2016 9 14 32 (CFR)2002.14
2016 10 DFARS 252.204-7012 CUI
2017 12 31 NIST SP800-171
SP800-171
5
NIST SP800-171
5
NIST NIST CSF (Cybersecurity Framework) 5
5
*2 NIST National Cybersecurity Center of Excellence
7
Society5.0
CUI
CUI
CUI
2020 3*3
NIST
http://www.meti.go.jp/committee/kenkyukai/shoujo/sangyo_cyber/wg_1/pdf/001_04_00.pdf *3
8
Cloud Service Provider: CSP
FedRAMP: Federal Risk and Authorization Management Program
FedRAMP
FedRAMP HP FedRAMP MARKET PLACE
https://marketplace.fedramp.gov/#/products?status=Compliant&sort=productName
FedRAMP Concept of Operations http://www.gsa.gov/portal/getMediaData?mediaId=154239
9
DoD IG: DoD Inspector General Logical and Physical Access Controls at Missile Defense Agency
Contractor Locations 2017 312
BMDSUCTI DFARS
NIST SP800-171
MDA 7
NIST SP800-171
(SP800-171/53 )
5/7
4/7
7/7
1/7
1/7
5/7
5/7
5/7
4/7
DoD IG 7 SP800-171/53
7
DoD IG[Logical and Physical Access Controls at Missile Defense Agency Contractor Locations] https://media.defense.gov/2018/Apr/02/2001898150/-1/-1/1/DODIG-2018-094.PDF
12
ISO27001
NIST70%
70%
SP800-171
3.6
3.13
3.8
3.12
3.3
3.11 3.9
3.2
3.14
3.5 3.4
3.10
3.1
3.7
77 33
13
NIST SP800-171 9
1 9
NIST SP800-171
"SP800-171"
1 CUI
CUICUI
CUICUI
2 CUI
1 CUI
CUI
CUI CUI
ISO27001 ISMS
3
CUINIST
4 SP800-171
CUI
SP800-171
SP800-171SP800-171
5 SP800-171
SP800-171
14
SP800-171
171Go/NoGo
6 SP800-171
7 SP800-171
SP800-171
National Vulnerability Database, NVD
8 SP800-171
SP800-171
NIST SSP System Security Plan
9 SP800-171 SP800-171
SP800-171
SP800-171
SP800-171
1 CUI CUICUI
CUI
2 CUI CUI
CUI
3 CUI NISTNIST CSF
NIST
4 SP800-171
CUI 171
SP800-171
5 SP800-171 SP800-171
SP800-171
6 SP800-171 ( )
SP800-171
7 SP800-171 SP 800-171
SP800-171
8 SP800-171 SP 800-171171
SSP
9 SP800-171 SP800-171
NIST SP800-171
16
DT
40 11,000 Web www.deloitte.com/jp
Deloitte
150
Fortune Global 500® 8 Making an impact that matters245,000 Facebook LinkedIn Twitter
Deloitte
DTTLDTTL DTTL Deloitte
Global Deloitte www.deloitte.com/jp/about
Member of Deloitte Touche Tohmatsu Limited © 2018. For information, contact Deloitte Tohmatsu Consulting LLC.
E-mail : [email protected]/jp/dtc/