The Enterprise Mission Assurance Support Service (eMASS) is a service-oriented computer application that supports Information Assurance (IA) program management and automates the Risk Management Framework (RMF) process.
eMASS is a service-oriented computer application that supports Information Assurance (IA) program management and automates the Risk Management Framework (RMF).[1] The purpose of eMASS is to help the DoD to maintain IA situational awareness, manage risk, and comply with the Federal Information Security Management Act (FISMA 2002) and the Federal Information Security Modernization Act (FISMA 2014). eMASS is owned by the U.S. Department of Defense (i.e., the software is not proprietary). The program is sponsored by the Assistant Secretary of Defense for Networks and Information Integration (ASD (NII)) and is managed by the Defense Information Systems Agency (DISA) Program Executive Office for Mission Assurance and NetOps (PEO-MA).[2]
As the DoD's recommended tool for information system Assessment and Authorization (A&A), eMASS automates the A&A process, manages workflow among user roles, and generates a variety of reports based on user needs (including all reports required by RMF and FISMA). The functional capabilities of eMASS have evolved in response to requirements from DoD leadership and operational user feedback.
eMASS is designed to work in concert with the RMF Knowledge Service (CAC or ECA required), and empowers the DoD IA workforce in support of the DoD 8500-series Information Assurance policy framework and implementation guidance. eMASS establishes strict process control mechanisms for obtaining authorization to connect to the DoD's Global Information Grid (GIG) networks, which helps to reduce the risk of cyber attacks and to accomplish the goals of RMF.[3]
eMASS also provides C&A capabilities in the DoD’s cloud computing environment, the Rapid Access Computing Environment (RACE). According to DISA government officials, offering eMASS as a cloud service will help to significantly reduce the time required to certify and accredit DoD information systems.[4]