Professional Documents
Culture Documents
Subject
No. Category Security objectives Current status Issues to be addressed Improvement plans Related rules Part of related rules Notes
party
API
Governance of information and Make clear who is responsible for what FISC Security
1 connection C4, C6, C7, C8
security management regarding security management. Guidelines
partner
1/7
API Connection Checklist (Format)
<October 2018 Edition>
Subject
No. Category Security objectives Current status Issues to be addressed Improvement plans Related rules Part of related rules Notes
party
JBA “Report of
API 3.3.1 Eligibility of Third
Governance of information and Implement review and countermeasures in the Review Committee
7 connection Parties
security management event of a security incident. on Open APIs”
partner b
Security Principles
API
Governance of information and
8 Ensure security in chain connections. connection
security management
partner
API
Implement measures in light of risks specific FISC Security
11 Outsourcing management connection C24, A1
to cloud services when using them. Guidelines
partner
2/7
API Connection Checklist (Format)
<October 2018 Edition>
Subject
No. Category Security objectives Current status Issues to be addressed Improvement plans Related rules Part of related rules Notes
party
JBA “Report of
3.4.5 Responsibilities
Cooperation between financial Review Committee
Compensate users appropriately when Toward and
15 institutions and API connection Both on Open APIs”
needed. Compensation of Users
partners User Protection
c
Principles
JBA “Report of
3.4.5 Responsibilities
Cooperation between financial Review Committee
Operate contact points for user compensation Toward and
16 institutions and API connection Both on Open APIs”
properly. Compensation of Users
partners User Protection
d
Principles
3/7
API Connection Checklist (Format)
<October 2018 Edition>
Subject
No. Category Security objectives Current status Issues to be addressed Improvement plans Related rules Part of related rules Notes
party
API
Management of system FISC Security
22 Implement authentication on system access. connection P1, P8, P16, P26
development and operations Guidelines
partner
API
Management of system Implement countermeasures to prevent
24 connection
development and operations misconduct by operators.
partner
4/7
API Connection Checklist (Format)
<October 2018 Edition>
Subject
No. Category Security objectives Current status Issues to be addressed Improvement plans Related rules Part of related rules Notes
party
API
Implement countermeasures against fake
33 Service-system security functions connection
applications.
partner
5/7
API Connection Checklist (Format)
<October 2018 Edition>
Subject
No. Category Security objectives Current status Issues to be addressed Improvement plans Related rules Part of related rules Notes
party
3.3.2 Countermeasures
for External
JBA “Report of Unauthorized Access
Enable tracing in the event of unauthorized Review Committee s
35 Service-system security functions Both
access. on Open APIs” 3.3.4 Handling
Security Principles Unauthorized Access
When It Occurs
b
API
37 API security functions Prevent unexpected usage of API. connection
partner
6/7
API Connection Checklist (Format)
<October 2018 Edition>
Subject
No. Category Security objectives Current status Issues to be addressed Improvement plans Related rules Part of related rules Notes
party
7/7