eMASS
The Enterprise Mission Assurance Support Service (eMASS) is a service-oriented computer application that supports Information Assurance (IA) program management and automates the DoD Information Assurance Certification and Accreditation Process (DIACAP).
Overview
eMASS is a service-oriented computer application that supports Information Assurance (IA) program management and automates the DoD Information Assurance Certification and Accreditation Process (DIACAP).[1] The purpose of eMASS is to help the DoD to maintain IA situational awareness, manage risk, and comply with the Federal Information Security Management Act (FISMA). eMASS is owned by the U.S. Department of Defense (i.e., the software is not proprietary). The program is sponsored by the Assistant Secretary of Defense for Networks and Information Integration (ASD(NII)) and is managed by the Defense Information Systems Agency (DISA) Program Executive Office for Mission Assurance and NetOps (PEO-MA).[2]
As the DoD's recommended tool for information system Certification and Accreditation (C&A), eMASS automates the C&A process, manages workflow among user roles, and generates a variety of reports based on user needs (including all reports required by DIACAP and FISMA).[3] The functional capabilities of eMASS have evolved in response to requirements from DoD leadership and operational user feedback.
eMASS is designed to work in concert with the DIACAP Knowledge Service, and empowers the DoD IA workforce in support of the DoD 8500-series Information Assurance policy framework and implementation guidance.[1] eMASS establishes strict process control mechanisms for obtaining authorization to connect to the DoD's Global Information Grid (GIG) networks, which helps to reduce the risk of cyber attacks and to accomplish the goals of DIACAP.[4]
In the event that DoD IA policy and/or required IA controls are updated, eMASS will be updated to support the implementation of DoD's IA program management requirements (e.g., the application will support the transition from IA controls in DoD Instruction 8500.2 to the controls in NIST Special Publication 800-53, revision 3).
eMASS as a Cloud Service
eMASS also provides C&A capabilities in the DoD’s cloud computing environment, the Rapid Access Computing Environment (RACE). According to DISA government officials, offering eMASS as a cloud service will help to significantly reduce the time required to certify and accredit DoD information systems.[5]
References
- ↑ 1.0 1.1 U.S. Army Information Assurance Security Officer (IASO) Training, Lesson 11: DIACAP (publicly accessible), https://ia.signal.army.mil/IASO/IASOLesson11.asp
- ↑ DoD Information Assurance Support Environment (IASE) DIACAP Frequently Asked Questions, http://iase.disa.mil/diacap/diacap-faq.pdf
- ↑ DoD IASE DIACAP Overview Training (publicly accessible), http://iase.disa.mil/eta/diacap/index.htm
- ↑ DoD Instruction 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP), 11/28/2007, http://www.dtic.mil/whs/directives/corres/pdf/851001p.pdf
- ↑ "DISA Ramps Up Cloud Computing Platform," Washington Technology, 10/5/2009, http://washingtontechnology.com/articles/2009/10/05/disa-cloud-computing-platform.aspx
