The Enterprise Mission Assurance Support Service (eMASS) is a service-oriented computer application that supports Information Assurance (IA) program management and automates the DoD Information Assurance Certification and Accreditation Process (DIACAP) and Risk Management Framework (RMF) process.
Contents
Overview
eMASS is a service-oriented computer application that supports Information Assurance (IA) program management and automates the DoD Information Assurance Certification and Accreditation Process (DIACAP). The purpose of eMASS is to help the DoD to maintain IA situational awareness, manage risk, and comply with the Federal Information Security Management Act (FISMA). eMASS is owned by the U.S. Department of Defense (i.e., the software is not proprietary). The program is sponsored by the Assistant Secretary of Defense for Networks and Information Integration (ASD(NII)) and is managed by the Defense Information Systems Agency (DISA) Program Executive Office for Mission Assurance and NetOps (PEO-MA).
As the DoD's recommended tool for information system Certification and Accreditation (C&A), eMASS automates the C&A process, manages workflow among user roles, and generates a variety of reports based on user needs (including all reports required by DIACAP and FISMA). The functional capabilities of eMASS have evolved in response to requirements from DoD leadership and operational user feedback.
eMASS is designed to work in concert with the DIACAP Knowledge Service, and empowers the DoD IA workforce in support of the DoD 8500-series Information Assurance policy framework and implementation guidance. eMASS establishes strict process control mechanisms for obtaining authorization to connect to the DoD's Global Information Grid (GIG) networks, which helps to reduce the risk of cyber attacks and to accomplish the goals of DIACAP.
As of late 2015, eMASS is transitioning and/or adding capability to support the DoD's new IA process, the Risk Management Framework (RMF).
In the event that DoD IA policy and/or required IA controls are updated, eMASS will be updated to support the implementation of DoD's IA program management requirements (e.g., the application will support the transition from IA controls in DoD Instruction 8500.2 to the controls in NIST Special Publication 800-53, revision 3).
eMASS as a Cloud Service
eMASS also provides C&A capabilities in the DoD’s cloud computing environment, the Rapid Access Computing Environment (RACE). According to DISA government officials, offering eMASS as a cloud service will help to significantly reduce the time required to certify and accredit DoD information systems.