← Frameworks / Security Framework

FISC Security Guidelines on Computer Systems for Financial Institutions

Japan's de facto mandatory security standard for financial institutions, published by the Center for Financial Industry Information Systems (FISC). Covers technical standards (system design, access control, cryptography, network security), operational standards (IT governance, incident response, outsourcing, SDLC), and facility standards (data center physical security, environmental controls, disaster recovery). Referenced by the FSA and Bank of Japan for supervisory examinations.

Clauses: 32

Avg Coverage: 82.2%

Publisher: Center for Financial Industry Information Systems (FISC) Version: 11th Edition (2024)

FISC Security Guidelines → SP 800-53 SP 800-53 → FISC Security Guidelines Coverage Analysis

Clause	Title	SP 800-53 Controls
FISC.F1	Data Center Physical Security	PE-01 PE-02 PE-03 PE-04 PE-05 PE-06 PE-07 PE-08 PE-18 PE-19 PE-22
FISC.F2	Environmental Controls (Power, HVAC, Fire Suppression)	PE-09 PE-10 PE-11 PE-12 PE-13 PE-14 PE-15 PE-21
FISC.F3	Equipment Protection and Maintenance	MA-01 MA-02 MA-03 MA-04 MA-05 MA-06 MA-07 PE-16
FISC.F4	Media Handling and Disposal	MP-01 MP-02 MP-03 MP-04 MP-05 MP-06 MP-07 MP-08 SR-12
FISC.F5	Alternative Site and Recovery Facilities	CP-06 CP-07 CP-08 PE-17 PE-23
FISC.O1	IT Governance and Risk Management	PM-01 PM-02 PM-03 PM-04 PM-05 PM-09 PM-28 PL-01 PL-09 RA-01 RA-03 RA-07 RA-09
FISC.O2	System Operation and Monitoring	AU-02 AU-03 AU-06 AU-12 CA-07 SI-04 SI-05 SI-13 SC-48
FISC.O3	Change Management and Configuration Control	CM-01 CM-02 CM-03 CM-04 CM-05 CM-06 CM-09 CM-14 SA-10
FISC.O4	Incident Detection and Response	IR-01 IR-02 IR-03 IR-04 IR-05 IR-06 IR-07 IR-08 IR-09 SI-04
FISC.O5	Business Continuity and Disaster Recovery	CP-01 CP-02 CP-03 CP-04 CP-05 CP-06 CP-07 CP-08 CP-09 CP-10 SC-24 SI-17
FISC.O6	Outsourcing and Third-Party Management	AC-20 CA-03 PS-07 SA-04 SA-09 SA-21 SA-23 SR-01 SR-02 SR-03 SR-05 SR-06
FISC.O7	System Audit and Compliance	AU-01 AU-02 AU-11 CA-01 CA-02 CA-05 CA-07 PM-06 PM-14
FISC.O8	Human Resources Security and Training	AT-01 AT-02 AT-03 AT-04 AT-06 PS-01 PS-02 PS-03 PS-04 PS-05 PS-06 PS-07 PS-08 PS-09
FISC.O9	Information Asset and Data Lifecycle Management	AC-16 CM-08 CM-12 CM-13 MP-01 MP-03 MP-06 MP-08 PT-01 PT-02 RA-02 SI-12
FISC.O10	Software Development Lifecycle	SA-03 SA-04 SA-08 SA-10 SA-11 SA-15 SA-16 SA-17 SA-20 SA-21
FISC.O11	Log Management and Forensic Readiness	AU-01 AU-02 AU-03 AU-04 AU-05 AU-06 AU-07 AU-08 AU-09 AU-10 AU-11
FISC.O12	Vulnerability and Patch Management	CM-03 RA-05 RA-07 SI-02 SI-05
FISC.O13	Capacity and Performance Management	AU-04 CM-02 CM-08 MA-02 SA-08 SC-06 SI-13
FISC.T1	System Planning and Design Requirements	PL-01 PL-02 PL-06 PL-09 PL-10 PL-11 SA-02 SA-03 SA-08 SA-17
FISC.T2	Access Control and Authentication	AC-01 AC-02 AC-03 AC-04 AC-05 AC-06 AC-07 AC-08 AC-10 AC-11 AC-12 AC-13 AC-24 IA-01 IA-02 IA-04 IA-05 IA-06 IA-08 IA-12
FISC.T3	Network Security Architecture	AC-04 AC-17 AC-18 CA-03 CA-09 SC-02 SC-03 SC-05 SC-07 SC-20 SC-21 SC-22 SC-46 SC-47
FISC.T4	Cryptographic Controls	IA-07 SC-08 SC-12 SC-13 SC-17 SC-28 SC-40
FISC.T5	Database and Data Security	AC-03 AC-04 AC-16 CM-12 CM-13 MP-01 MP-02 SC-04 SC-28 SI-10 SI-12
FISC.T6	Application Security	SA-03 SA-04 SA-08 SA-10 SA-11 SA-15 SA-16 SA-17 SA-20 CM-14 SI-10
FISC.T7	Operating System and Platform Security	CM-02 CM-06 CM-07 CM-08 SC-34 SI-02 SI-03 SI-07 SI-16
FISC.T8	Web and API Security	AC-04 AC-17 SC-07 SC-08 SC-13 SC-18 SC-23 SI-10 SI-11
FISC.T9	Cloud Computing Security	AC-20 CA-03 CA-09 SA-04 SA-09 SC-07 SR-01 SR-02 SR-03
FISC.T10	Mobile and Remote Access Security	AC-17 AC-18 AC-19 IA-02 IA-05 SC-07 SC-08 SC-40
FISC.T11	Electronic Payment Systems Security	AC-03 AU-02 AU-10 IA-02 SC-07 SC-08 SC-12 SC-13
FISC.T12	Transaction Integrity and Non-repudiation	AU-10 SC-08 SC-12 SC-13 SC-16 SC-23 SI-07 SI-10
FISC.T13	System Interconnection Controls	AC-04 AC-20 CA-03 CA-09 SC-07 SC-46 SC-47
FISC.T14	Virtualisation and Container Security	CM-02 CM-06 CM-07 SC-02 SC-03 SC-39 SI-03 SI-07