For cloud service providers aiming to expand their public sector business, compliance certification is often the most crucial entry ticket. Cloudflare announced today (January 15th) that its security services have been officially registered under the Japanese government's "Information Systems Security Assessment System" (ISMAP). This means that Cloudflare's CDN, WAF, and Zero Trust services will now be eligible options for Japanese government agencies when procuring cloud services.
What is ISMAP?
ISMAP (Information System Security Management and Assessment Program) is a system led by the Information Processing Promotion Agency (IPA) and other organizations in Japan, specifically designed to assess information security measures for private cloud services. Only services that pass rigorous review and are registered can be considered "Government-certified clouds" and qualify to participate in government tenders.
Prior to this, services from US technology companies including Microsoft, Google, AWS, and Slack had already obtained this certification.
Cloudflare for Government: From Protection to Serverless Computing
According to the official ISMAP listing (listing date: December 22, 2025), Cloudflare has been listed under the name "Cloudflare for Government," and the services covered include the following:
• Security protection:It includes its most well-known CDN (Content Delivery Network), WAF (Web Application Firewall), and DDoS attack protection services.
• Zero Trust Architecture:Cloudflare Zero Trust service.
• Edge computing:Cloudflare Workers are designed for serverless applications.
Deepening its presence in Japan and key infrastructure
Cloudflare currently has network locations in more than 330 cities worldwide, including Tokyo and Osaka. Cloudflare Vice President Sayoko Matsumoto said that after obtaining certification, it will be able to provide compliant and seamless security solutions for Japan's public sector, utilities, and critical infrastructure organizations, meeting even the most complex customer needs.
Analysis of viewpoints
With digital transformation (DX) becoming a core policy of the Japanese government, the adoption rate of "cloud first" in the public sector is increasing significantly, but this has also brought about cybersecurity concerns. ISMAP has extremely high certification thresholds, and Cloudflare's inclusion on this list indicates that its cybersecurity architecture has received national-level endorsement.
For Cloudflare, this is not just about securing government business, but also a powerful indicator of trust. Especially given the current geopolitical tensions and frequent DDoS attacks, the Japanese government's entrustment of its website protection and zero-trust architecture to Cloudflare reflects its reliance on its global edge network defense capabilities. For the Taiwanese government and businesses facing similar high-intensity cyberattack threats, the ISMAP certification list in Japan may also be a valuable procurement criterion.
