About 83% of the information systems of administrative and public agencies are operated by agencies, and most of them are vulnerable to security due to the small scale of operation, insufficient facilities, and lack of dedicated personnel. To address these issues, the Ministry of the Interior and Safety announced in June 2021 that, as part of the “Second Basic Plan for E-Government,” all information systems of administrative and public agencies will be converted to a cloud-based integrated management operating environment by 2025 to provide stable public services. Accordingly, relevant laws and guidelines should be researched and analyzed to prepare for the cloud conversion of the Nuclear Export and Import Control System (NEPS) operated by the Export and Import Control Office of the Korea Institute of Nuclear Nonproliferation and Control (KINAC). The Cloud Computing Act defines cloud computing, establishes a basic plan and implementation plan, provides support for promoting the adoption of cloud computing by state institutions, supports the construction of integrated information and communication facilities based on cloud computing technology, provides cost and technical support, and regulates cloud security certification, and applies the Personal Information Protection Act and the Act on Promotion of Information and Communication Network Utilization and Information Protection to protect personal information. The E-Government Act defines integrated standards and principles for information resources, support for the use of cloud computing services, classification standards for information resources, and integrated standards for calculating the size and capacity of information systems. The Notice on Standards for Using Cloud Computing Services and Securing Safety for Administrative Agencies and Public Institutions specifies the standards for using cloud computing services and measures to secure stability for administrative agencies, contracts for using cloud computing services, and ensuring continuity of cloud computing services. The Basic Guidelines on National Information Security stipulate the establishment and implementation of security measures, system security, user security, security management, information and communication network security separating internal network and internet network, and cloud computing security measures, and stipulate the NIS security review when introducing private cloud services. In order to convert NEPS to the cloud computing services, network, and software design plans, transfer plans, and cloud operation plans will be established in compliance with the relevant laws and guidelines. And future research will include researching the system status of major public and private cloud service providers and analyzing their advantages and disadvantages.

• Hyun doo Kim(Korea Institute of Nuclear Nonproliferation and Control (KINAC))
• Si won Kim(Korea Institute of Nuclear Nonproliferation and Control (KINAC)) Corresponding author
• Seung-hyo Yang(Korea Institute of Nuclear Nonproliferation and Control (KINAC))