[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"news:cloud-government":3},{"meta":4,"markdown":67},{"type":5,"articleId":6,"slug":7,"title":8,"titleEn":9,"category":10,"summary":11,"publishedAt":12,"image":13,"tags":14,"vocabulary":16},"news","news-cloud-government","cloud-government","クラウド政府調達の最新動向 — ISMAP認証と多様化","Latest Trends in Government Cloud Procurement — ISMAP Certification and Diversification","tech-business","How Japanese government cloud procurement is changing — the ISMAP-certified provider list and recent additions (Oracle Cloud, IBM Cloud, Sakura Cloud), the Government Cloud framework for local-government standardization, 2025 procurement reforms, and security baseline updates.\n","2026-04-15T00:00:00Z","https:\u002F\u002Fimages.yamiyomi.com\u002Fnews-cloud-government.png",[15],"cloud",[17,22,26,30,35,39,43,47,51,55,59,63],{"word":18,"reading":19,"meaning":20,"level":21},"調達","ちょうたつ","procurement","N1",{"word":23,"reading":24,"meaning":25,"level":21},"認証","にんしょう","certification",{"word":27,"reading":28,"meaning":29,"level":21},"多様化","たようか","diversification",{"word":31,"reading":32,"meaning":33,"level":34},"評価","ひょうか","evaluation","N2",{"word":36,"reading":37,"meaning":38,"level":34},"登録","とうろく","registration",{"word":40,"reading":41,"meaning":42,"level":21},"名簿","めいぼ","list",{"word":44,"reading":45,"meaning":46,"level":21},"改革","かいかく","reform",{"word":48,"reading":49,"meaning":50,"level":21},"採択","さいたく","selection",{"word":52,"reading":53,"meaning":54,"level":34},"標準","ひょうじゅん","standard",{"word":56,"reading":57,"meaning":58,"level":34},"基盤","きばん","foundation",{"word":60,"reading":61,"meaning":62,"level":34},"加わる","くわわる","to be added",{"word":64,"reading":65,"meaning":66,"level":21},"拡充","かくじゅう","expansion","\n::para\n[政府]{せいふ:government:N2}や[自治体]{じちたい:local government:N3}による[クラウド]{くらうど:cloud}[サービス]{さーびす:service}[利用]{りよう:use:N3}は、[セキュリティ]{せきゅりてぃ:security}[要件]{ようけん:requirements:N3}と[コスト]{こすと:cost}[最適化]{さいてきか:optimization:N3}の[両立]{りょうりつ:balancing:N3}が[求められる]{もとめられる:required:N3}[難しい]{むずかしい:difficult:N3}[領域]{りょういき:area:N2}です。[本記事]{ほんきじ:this article:N3}では、ISMAP[制度]{せいど:system:N3}と[ガバメントクラウド]{がばめんとくらうど:Government Cloud}を[中心]{ちゅうしん:center:N4}に、[クラウド]{くらうど:cloud}[政府]{せいふ:government:N2}[調達]{ちょうたつ:procurement:N3}の[最新]{さいしん:latest:N3}[動向]{どうこう:trends:N3}を[整理]{せいり:organize:N1}します。\n\n#en\nUse of cloud services by the national and local governments is a difficult area where balancing security requirements with cost optimization is required. Centered on the ISMAP system and Government Cloud, this article organizes the latest trends in cloud government procurement.\n::\n\n::heading\nISMAP[制度]{せいど:system:N3}とは\n\n#en\nWhat Is the ISMAP System\n::\n\n::para\nISMAP（Information system Security Management and Assessment Program、[政府]{せいふ:government:N2}[情報]{じょうほう:information:N3}システムのための[セキュリティ]{せきゅりてぃ:security}[評価]{ひょうか:evaluation:N1}[制度]{せいど:system:N3}）は、[政府]{せいふ:government:N2}が[クラウド]{くらうど:cloud}[サービス]{さーびす:service}を[調達]{ちょうたつ:procure:N3}する[際]{さい:when:N3}に[一定]{いってい:certain:N3}の[セキュリティ]{せきゅりてぃ:security}[要件]{ようけん:requirements:N3}を[満たす]{みたす:meet:N3}サービスを[事前]{じぜん:in advance:N4}に[評価]{ひょうか:evaluate:N1}・[登録]{とうろく:register:N2}する[仕組み]{しくみ:framework:N3}です。2020[年]{ねん:year:N5}に[運用]{うんよう:operations:N4}が[開始]{かいし:started:N4}され、[現在]{げんざい:currently:N3}は[内閣]{ないかく:Cabinet:N1}[サイバーセキュリティ]{さいばーせきゅりてぃ:Cybersecurity}センター（NISC）[等]{とう:etc.:N3}が[運営]{うんえい:operating:N2}しています。[政府]{せいふ:government:N2}[機関]{きかん:agency:N3}は[原則]{げんそく:in principle:N2}として、ISMAPに[登録]{とうろく:registered:N2}されたクラウドサービスの[中]{なか:among:N5}から[調達]{ちょうたつ:procure:N3}することと[されます]{されます:said to be}。\n\n#en\nISMAP (Information system Security Management and Assessment Program — the security evaluation program for government information systems) is a framework in which, when the government procures cloud services, services that meet certain security requirements are evaluated and registered in advance. Operations started in 2020, and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and others currently operate it. Government agencies are reportedly required in principle to procure from among cloud services registered on ISMAP.\n::\n\n::heading\n[登録]{とうろく:registered:N2}クラウド[事業者]{じぎょうしゃ:provider:N4}の[多様化]{たようか:diversification:N3}\n\n#en\nDiversification of Registered Cloud Providers\n::\n\n::para\n[当初]{とうしょ:initially:N3}はAWS、[Microsoft Azure]{まいくろそふとあじゅーる:Microsoft Azure}、Google Cloudといった[米系]{べいけい:US-based:N1}の[大手]{おおて:major:N4}が[中心]{ちゅうしん:center:N4}でしたが、[近年]{きんねん:recent years:N4}は[Oracle Cloud]{おらくるくらうど:Oracle Cloud}、[IBM Cloud]{あいびーえむくらうど:IBM Cloud}、そして[国内]{こくない:domestic:N3}の[さくらのクラウド]{さくらのくらうど:Sakura Cloud}や[NTT]{えぬてぃーてぃー:NTT}コミュニケーションズが[提供]{ていきょう:provide:N1}するサービスなども[名簿]{めいぼ:list:N1}に[加わって]{くわわって:joining:N3}いると[報じられて]{ほうじられて:reported:N3}います。[国産]{こくさん:domestic:N3}クラウド[事業者]{じぎょうしゃ:provider:N4}の[参入]{さんにゅう:entry:N3}は、[経済]{けいざい:economic:N3}[安全]{あんぜん:security:N3}[保障]{ほしょう:guarantee:N1}と[国内]{こくない:domestic:N3}[産業]{さんぎょう:industry:N3}[育成]{いくせい:cultivation:N3}の[両面]{りょうめん:both aspects:N3}から[歓迎]{かんげい:welcomed:N1}されています。\n\n#en\nInitially, US-based majors such as AWS, Microsoft Azure, and Google Cloud were the center, but in recent years it is reported that Oracle Cloud, IBM Cloud, and services provided by domestic players such as Sakura Cloud and NTT Communications have also joined the list. The entry of domestic cloud providers is welcomed both from an economic security perspective and from the perspective of cultivating domestic industry.\n::\n\n::callout\n[最新]{さいしん:latest:N3}の[登録]{とうろく:registered:N2}サービス[一覧]{いちらん:list:N1}はISMAPの[公式]{こうしき:official:N3}サイトで[随時]{ずいじ:as needed:N1}[更新]{こうしん:updated:N3}されており、[調達]{ちょうたつ:procurement:N3}[担当者]{たんとうしゃ:officer:N2}は[最新]{さいしん:latest:N3}[情報]{じょうほう:information:N3}を[確認]{かくにん:confirm:N3}する[必要]{ひつよう:need:N3}があります。\n\n#en\nThe latest list of registered services is updated as needed on the official ISMAP site, and procurement officers need to check the latest information.\n::\n\n::heading\n[ガバメントクラウド]{がばめんとくらうど:Government Cloud}との[関係]{かんけい:relationship:N3}\n\n#en\nThe Relationship with Government Cloud\n::\n\n::para\nISMAPは[広く]{ひろく:broadly:N4}[政府]{せいふ:government:N2}[調達]{ちょうたつ:procurement:N3}[全般]{ぜんぱん:overall:N2}に[適用]{てきよう:applied:N3}される[制度]{せいど:system:N3}ですが、[デジタル庁]{でじたるちょう:Digital Agency:N2}が[運営]{うんえい:operates:N2}する「[ガバメントクラウド]{がばめんとくらうど:Government Cloud}」は、[国]{くに:national:N5}と[自治体]{じちたい:local government:N3}の[基幹]{きかん:core:N1}[業務]{ぎょうむ:operations:N3}システムを[載せる]{のせる:put on:N1}ことを[目的]{もくてき:purpose:N4}とした[共通]{きょうつう:common:N3}[クラウド]{くらうど:cloud}[基盤]{きばん:foundation:N1}です。[両制度]{りょうせいど:both systems:N3}の[関係]{かんけい:relationship:N3}は[補完]{ほかん:complementary:N2}[的]{てき:in nature:N4}で、[ガバメントクラウド]{がばめんとくらうど:Government Cloud}に[採択]{さいたく:selected:N1}されているサービスはISMAPにも[登録]{とうろく:registered:N2}されているのが[一般的]{いっぱんてき:typical:N2}とされます。\n\n#en\nISMAP is a system that broadly applies to government procurement overall, but \"Government Cloud,\" operated by the Digital Agency, is a common cloud foundation aimed at putting the core operational systems of the national and local governments on it. The relationship between the two systems is complementary in nature, and it is reportedly typical that services selected for Government Cloud are also registered on ISMAP.\n::\n\n::heading\n2025[年]{ねん:year:N5}の[調達]{ちょうたつ:procurement:N3}[改革]{かいかく:reforms:N2}\n\n#en\n2025 Procurement Reforms\n::\n\n::para\n2025[年]{ねん:year:N5}に[向けて]{むけて:toward:N3}、[政府]{せいふ:government:N2}は[調達]{ちょうたつ:procurement:N3}[手続き]{てつづき:procedures:N3}の[一部]{いちぶ:partial:N3}[見直し]{みなおし:review:N3}を[進めて]{すすめて:advancing:N3}いるとされます。[調達]{ちょうたつ:procurement:N3}[期間]{きかん:period:N3}の[短縮]{たんしゅく:shortening:N1}、[小規模]{しょうきぼ:small-scale:N1}[事業者]{じぎょうしゃ:operator:N4}や[スタートアップ]{すたーとあっぷ:startup}の[参入]{さんにゅう:entry:N3}[促進]{そくしん:promotion:N1}、[マルチクラウド]{まるちくらうど:multi-cloud}[構成]{こうせい:configuration:N3}の[許容]{きょよう:permission:N3}[拡大]{かくだい:expansion:N1}などが[論点]{ろんてん:discussion points:N3}として[挙げられて]{あげられて:cited:N1}いると[伝えられて]{つたえられて:reported:N3}います。[特定]{とくてい:specific:N3}[ベンダー]{べんだー:vendor}への[ロックイン]{ろっくいん:lock-in}を[避ける]{さける:avoiding:N1}[観点]{かんてん:perspective:N3}からも、[マルチクラウド]{まるちくらうど:multi-cloud}の[活用]{かつよう:use:N3}は[今後]{こんご:going forward:N5}[拡大]{かくだい:expand:N1}する[可能性]{かのうせい:possibility:N3}があります。\n\n#en\nToward 2025, the government is reportedly advancing partial review of procurement procedures. It is reported that points of discussion cited include: shortening of procurement periods, promotion of entry by small-scale operators and startups, and expansion of permission for multi-cloud configurations. From the perspective of avoiding lock-in to a specific vendor, use of multi-cloud also has the possibility of expanding going forward.\n::\n\n::heading\n[セキュリティ]{せきゅりてぃ:security}[基準]{きじゅん:baseline:N1}の[更新]{こうしん:updates:N3}\n\n#en\nUpdates to the Security Baseline\n::\n\n::para\nISMAPの[評価]{ひょうか:evaluation:N1}[基準]{きじゅん:standards:N1}は、[国際]{こくさい:international:N3}[標準]{ひょうじゅん:standards:N1}（ISO\u002FIEC 27001、27017、SP 800-53など）を[参考]{さんこう:reference:N3}に[策定]{さくてい:formulated:N1}されており、[随時]{ずいじ:as needed:N1}[更新]{こうしん:updated:N3}されています。2024[年]{ねん:year:N5}から2025[年]{ねん:year:N5}にかけては、[ゼロトラスト]{ぜろとらすと:zero trust}[関連]{かんれん:related:N3}の[要件]{ようけん:requirements:N3}や、[サプライチェーン]{さぷらいちぇーん:supply chain}[セキュリティ]{せきゅりてぃ:security}に[関する]{かんする:concerning:N3}[項目]{こうもく:items:N1}の[拡充]{かくじゅう:enhancement:N1}が[進められた]{すすめられた:advanced:N3}と[されます]{されます:said to be}。クラウド[事業者]{じぎょうしゃ:provider:N4}は、[継続的]{けいぞくてき:continuous:N1}な[認証]{にんしょう:certification:N1}[更新]{こうしん:renewal:N3}と[基準]{きじゅん:standards:N1}への[追従]{ついじゅう:following:N1}が[求められる]{もとめられる:required:N3}ため、[運用]{うんよう:operations:N4}[負荷]{ふか:burden:N2}は[小さく]{ちいさく:small:N5}ないと[いえます]{いえます:can be said}。\n\n#en\nThe evaluation standards for ISMAP are formulated with reference to international standards (such as ISO\u002FIEC 27001, 27017, and SP 800-53) and are updated as needed. From 2024 into 2025, enhancements were reportedly advanced for zero trust-related requirements and items concerning supply chain security. Because cloud providers are required to undergo continuous certification renewal and to keep up with the standards, the operational burden can be said to be not small.\n::\n"]