
Japan FSA Cybersecurity Guidelines for Financial Institutions

Japan
v2024 (updated)
11 domains
11 controls

The Japan Financial Services Agency (JFSA) Cybersecurity Guidelines provide a comprehensive framework for managing cybersecurity risks in financial institutions. Updated periodically, the guidelines cover governance, risk assessment, preventive controls, detection, response, and recovery. They are aligned with the NIST Cybersecurity Framework and apply to banks, securities firms, insurance companies, and other regulated financial institutions in Japan.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (11)

JP FSA Cyber BCM + Resilience

1 control
Controls in the JP FSA Cyber BCM + Resilience domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Business-Continuity-Cyber-Resilience-RTO-RPO-Backup-Immutable-Air-Gapped-Disaster-Recovery-Ransomware-Resistance
Title: Japan FSA Cybersecurity Business Continuity + Cyber Resilience + RTO + RPO + Backup + Immutable + Air-Gapped + Disaster Recovery + Ransomware Resistance + Operational Resilience + Critical Function Mapping + FSA Operational Resilience Framework

JP FSA Cyber Exercises + Drills

1 control
Controls in the JP FSA Cyber Exercises + Drills domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Cybersecurity-Exercises-Drills-Annual-Tabletop-Industry-Wide-Exercise-Delta-Wall-FSA-Coordinated-Sector
Title: Japan FSA Cybersecurity Exercises + Drills + Annual Tabletop + Industry-Wide Exercise + Delta Wall + FSA Coordinated Sector-Wide + FISC Drills + Cross-Sector Crisis Coordination + International Exercises + Cyber Range

JP FSA Cyber IAM + Customer Auth

1 control
Controls in the JP FSA Cyber IAM + Customer Auth domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Identity-Access-Management-Privileged-Access-MFA-Zero-Trust-Just-In-Time-Banking-Customer-Authentication
Title: Japan FSA Cybersecurity Identity and Access Management + Privileged Access + MFA + Zero Trust + Just-In-Time + Banking Customer Authentication + Risk-Based Authentication + Out-of-Band + Biometric + FIDO2 + Internet Banking Security

JP FSA Cyber Incident Response

1 control
Controls in the JP FSA Cyber Incident Response domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Incident-Response-Playbooks-Containment-Eradication-Recovery-Post-Mortem-Tabletop-CSIRT
Title: Japan FSA Cybersecurity Incident Response + Playbooks + Containment + Eradication + Recovery + Post-Mortem + Tabletop Exercises + CSIRT + FSA Notification + Customer Communication + Forensics + Lessons Learned

JP FSA Cyber Maturity Self-Assessment

1 control
Controls in the JP FSA Cyber Maturity Self-Assessment domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Cybersecurity-Maturity-Self-Assessment-Tool-Annual-Submission-Risk-Tier-Based-Tier1-Tier2-Tier3
Title: Japan FSA Cybersecurity Maturity Self-Assessment Tool + Annual Submission + Risk-Tier-Based + Tier 1 Foundational + Tier 2 Enhanced + Tier 3 Advanced + FSA Inspection + Plan-Do-Check-Act + Continuous Improvement + Industry Benchmarking

JP FSA Cyber Regulatory Reporting

1 control
Controls in the JP FSA Cyber Regulatory Reporting domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Incident-Notification-FSA-30-Days-Customer-Disclosure-Banking-Act-Article-52-2-Securities-Article-19-Insurance-Article-100-2
Title: Japan FSA Cyber Incident Notification + 30-Day SLA + Customer Disclosure + Banking Act Article 52-2 + Securities Article 19 + Insurance Article 100-2 + APPI Article 26 Breach + Material Incident Definition + Public Disclosure

JP FSA Cyber Risk Management

1 control
Controls in the JP FSA Cyber Risk Management domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Risk-Management-NIST-CSF-FFIEC-Aligned-Identify-Protect-Detect-Respond-Recover-Govern-Plan-Do-Check-Act
Title: Japan FSA Cybersecurity Risk Management Framework + NIST CSF 2.0 Aligned + FFIEC Crosswalk + Identify Protect Detect Respond Recover Govern + ISO 27001 ISMS + Plan-Do-Check-Act + Inherent vs Residual Risk + Risk Appetite + Cyber Risk in ERM

JP FSA Cyber SOC + Detection

1 control
Controls in the JP FSA Cyber SOC + Detection domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Security-Monitoring-SOC-Operations-SIEM-EDR-MDR-XDR-24x7-Detection-Alert-Triage
Title: Japan FSA Cybersecurity Security Monitoring + SOC 24x7 Operations + SIEM + EDR + MDR + XDR + Detection + Alert Triage + Threat Hunting + Incident Response Integration + Threat Intelligence Integration + UEBA

JP FSA Cyber Scope + Governance

1 control
Controls in the JP FSA Cyber Scope + Governance domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Scope-Guidelines-Cyber-Security-Financial-Institutions-2015-2019-2022-2024-Banking-Insurance-Securities-FISC
Title: Japan FSA Cybersecurity Guidelines Scope + Cyber Security Reinforcement at Financial Institutions + 2015 + 2019 + 2022 + 2024 Updates + Banking + Insurance + Securities + Funds + Sector-Specific + FISC Coordination + Board and Senior Management Oversight + Three Lines of Defense

JP FSA Cyber Third Party + Cloud

1 control
Controls in the JP FSA Cyber Third Party + Cloud domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Third-Party-Outsourcing-Cyber-Risk-Cloud-Service-Provider-Due-Diligence-Audit-Right-Sub-Processor-Visibility-Concentration-Risk
Title: Japan FSA Cybersecurity Third Party + Outsourcing Cyber Risk + Cloud Service Provider Due Diligence + Audit Right + Sub-Processor Visibility + Concentration Risk + Data Sovereignty + ISMAP Certification + FISC Cloud Guidelines

JP FSA Cyber Vulnerability Mgmt

1 control
Controls in the JP FSA Cyber Vulnerability Mgmt domain of Japan FSA Cybersecurity Guidelines for Financial Institutions:
Code: JP-FSA-CYB-Vulnerability-Management-Patching-CVE-Risk-Based-Prioritisation-Penetration-Testing-Red-Team
Title: Japan FSA Cybersecurity Vulnerability Management + Patching + CVE Tracking + Risk-Based Prioritisation + Penetration Testing + Red-Team + Bug Bounty + Coordinated Vulnerability Disclosure + Zero-Day Response

Your Compliance Coverage

If you comply with Japan FSA Cybersecurity Guidelines for Financial Institutions, you already cover:

Maps to 78 other frameworks

11 total controls
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
3 source controls mapped|2 target controls covered
27%
OWASP DevSecOps Maturity Model (DSOMM)
3 source controls mapped|3 target controls covered
27%
Azure Security Benchmark
3 source controls mapped|4 target controls covered
27%
ISO 27017
3 source controls mapped|4 target controls covered
27%
AWS Well-Architected Security Pillar
3 source controls mapped|4 target controls covered
27%
ISO 27018
3 source controls mapped|4 target controls covered
27%
ISO/IEC 27011:2024
3 source controls mapped|3 target controls covered
27%
FFIEC Cybersecurity Assessment Tool (CAT)
3 source controls mapped|6 target controls covered
27%
BSI IT-Grundschutz
3 source controls mapped|6 target controls covered
27%
NIST AI Risk Management Framework (AI RMF 1.0)
2 source controls mapped|1 target controls covered
18%
OWASP ASVS
2 source controls mapped|2 target controls covered
18%
Nevada Gaming Control Board Cybersecurity Requirements
2 source controls mapped|1 target controls covered
18%
MITRE D3FEND
2 source controls mapped|2 target controls covered
18%
ISO/IEC 30111:2019
2 source controls mapped|4 target controls covered
18%
ISO/IEC 29147:2018
2 source controls mapped|4 target controls covered
18%
FTC GLBA Safeguards Rule (16 CFR Part 314)
2 source controls mapped|2 target controls covered
18%
APRA CPS 230 Operational Risk Management
2 source controls mapped|3 target controls covered
18%
ISO/SAE 21434
2 source controls mapped|2 target controls covered
18%
ISO 27043
2 source controls mapped|2 target controls covered
18%
API 1164
2 source controls mapped|4 target controls covered
18%
TEFCA - Trusted Exchange Framework and Common Agreement
2 source controls mapped|1 target controls covered
18%
OWASP Top 10:2025
2 source controls mapped|2 target controls covered
18%
ISO/IEC 27400:2022
2 source controls mapped|2 target controls covered
18%
ISO 27019
2 source controls mapped|4 target controls covered
18%
ASD Strategies to Mitigate Cyber Security Incidents
2 source controls mapped|7 target controls covered
18%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
2 source controls mapped|4 target controls covered
18%
ISO 27001:2022
2 source controls mapped|6 target controls covered
18%
IEC 62443
2 source controls mapped|4 target controls covered
18%
ISO 28001:2007 Supply Chain Security Management
2 source controls mapped|2 target controls covered
18%
UN Guiding Principles on Business and Human Rights (UNGPs)
1 source controls mapped|1 target controls covered
9%
CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0
1 source controls mapped|1 target controls covered
9%
ISO/IEC 29134:2023
1 source controls mapped|1 target controls covered
9%
Voluntary Principles on Security and Human Rights (VPs)
1 source controls mapped|1 target controls covered
9%
Vietnam Law on Cybersecurity (No. 24/2018/QH14)
1 source controls mapped|1 target controls covered
9%
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements
1 source controls mapped|1 target controls covered
9%
Singapore Cybersecurity Act 2018
1 source controls mapped|1 target controls covered
9%
Protective Security Policy Framework (PSPF) Release 2024
1 source controls mapped|1 target controls covered
9%
Privacy Act 1988 (Australia)
1 source controls mapped|1 target controls covered
9%
Pakistan Personal Data Protection Bill 2023
1 source controls mapped|1 target controls covered
9%
Ley Orgánica de Protección de Datos Personales (LOPDP)
1 source controls mapped|1 target controls covered
9%
Law No. 172-13 on the Protection of Personal Data
1 source controls mapped|1 target controls covered
9%
DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)
1 source controls mapped|1 target controls covered
9%
ISO 22316
1 source controls mapped|2 target controls covered
9%
ISO 22320:2018
1 source controls mapped|3 target controls covered
9%
FFIEC IT Examination Handbook
1 source controls mapped|4 target controls covered
9%
ISO 22317
1 source controls mapped|2 target controls covered
9%
APPI
1 source controls mapped|2 target controls covered
9%
EASA Part-IS - Information Security in Aviation
1 source controls mapped|3 target controls covered
9%
NIST SP 800-171
1 source controls mapped|1 target controls covered
9%
ASIS SPC.1-2009 - Organizational Resilience Standard
1 source controls mapped|2 target controls covered
9%
APRA CPS 234
1 source controls mapped|4 target controls covered
9%
ISO 22318
1 source controls mapped|2 target controls covered
9%
ISO/IEC 27010:2015
1 source controls mapped|1 target controls covered
9%
ISO/IEC 27031:2011
1 source controls mapped|3 target controls covered
9%
Bahrain PDPL
1 source controls mapped|2 target controls covered
9%
ISO 20000-1
1 source controls mapped|1 target controls covered
9%
ITIL 4
1 source controls mapped|1 target controls covered
9%
Barbados Data Protection Act 2019
1 source controls mapped|1 target controls covered
9%
COSO Internal Control - Integrated Framework (2013)
1 source controls mapped|1 target controls covered
9%
Annex 11 to EU GMP - Computerised Systems
1 source controls mapped|1 target controls covered
9%
Canada ITSG-33 - IT Security Risk Management
1 source controls mapped|1 target controls covered
9%
US NRC 10 CFR 73.54 - Cyber Security for Nuclear Power Plants
1 source controls mapped|1 target controls covered
9%
UAE Virtual Asset Regulatory Authority (VARA) Regulations
1 source controls mapped|1 target controls covered
9%
IAIS Insurance Core Principles (ICPs)
1 source controls mapped|1 target controls covered
9%
Florida Digital Bill of Rights (FDBR)
1 source controls mapped|1 target controls covered
9%
FedRAMP High
1 source controls mapped|2 target controls covered
9%
NIST SP 800-53 Revision 5.1 HIGH
1 source controls mapped|2 target controls covered
9%
FedRAMP Moderate
1 source controls mapped|2 target controls covered
9%
NIST SP 800-53 Rev 5 MODERATE
1 source controls mapped|1 target controls covered
9%
NIST SP 800-53 Rev 5 LOW
1 source controls mapped|1 target controls covered
9%
ISO/IEC 27006:2024
1 source controls mapped|1 target controls covered
9%
Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)
1 source controls mapped|1 target controls covered
9%

Frequently Asked Questions

What is Japan FSA Cybersecurity Guidelines for Financial Institutions?

Japan FSA Cybersecurity Guidelines for Financial Institutions is a compliance framework from Japan with 11 domains and 11 controls. The Japan Financial Services Agency (JFSA) Cybersecurity Guidelines provide a comprehensive framework for managing cybersecurity risks in financial institutions. Updated periodically, the guidelines cover governance, risk assessment, preventive controls, detection, response, and recovery. They are aligned with the NIST Cybersecurity Framework and apply to banks, securities firms, insurance companies, and other regulated financial institutions in Japan. The framework is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Japan FSA Cybersecurity Guidelines for Financial Institutions have?

Japan FSA Cybersecurity Guidelines for Financial Institutions has 11 controls organised across 11 domains. The largest domains are JP FSA Cyber BCM + Resilience (1 control), JP FSA Cyber Exercises + Drills (1 control), and JP FSA Cyber IAM + Customer Auth (1 control). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Japan FSA Cybersecurity Guidelines for Financial Institutions map to?

Japan FSA Cybersecurity Guidelines for Financial Institutions maps to 78 other compliance frameworks. The top mapping partners are US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule (27% coverage), OWASP DevSecOps Maturity Model (DSOMM) (27% coverage), Azure Security Benchmark (27% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Japan FSA Cybersecurity Guidelines for Financial Institutions compliance?

Start your Japan FSA Cybersecurity Guidelines for Financial Institutions compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Japan FSA Cybersecurity Guidelines for Financial Institutions requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 11 controls and track your progress.
