Enterprise Mission Assurance Support Service (eMASS) is the Department of Defense's (DoD) recommended tool for information system Certification and Accreditation (C&A). eMASS automates the C&A process, manages workflow among user roles, and generates a variety of reports based on user needs, including all reports required by the DoD Information Assurance Certification and Accreditation Process (DIACAP) and the Federal Information Security Management Act (FISMA).
As directed by DoD Instruction 8510.01, “DoD Information Assurance Certification and Accreditation Process (DIACAP),” dated Nov. 28, 2007, the Director, DISA, under the authority, direction, and control of the Assistant Secretary of Defense for Networks & Information Integration/DoD Chief Information Officer, shall “provide automated validation capabilities to the DoD components for use in the DIACAP.”
eMASS is the centerpiece of an ongoing DoD effort to automate a broad range of services for comprehensive, fully integrated information assurance (IA) management at the DoD Component level. It is fully compliant with the concept of IA controls-based information assurance and is intended to provide full support of the DoD 8500 series.
eMASS is a government-owned, commercial off-the-shelf based solution that seamlessly integrates several capability models to support IA program management (PM) needs. eMASS facilitates robust, measurable IA PM through the following capabilities:
- Security-process management and reporting based on compliance with IA Controls
- Standardized information exchange to facilitate dynamic connection decisions
- Workflow automation
- Simplified management of the entire C&A process from C&A package submission through completion
- Traceable systems-security engineering across the entire system-development life cycle
- Facilitation of regulatory and IA management-reporting requirements, such as those contained in FISMA
- Senior leadership visibility into the IA posture of all DoD organizations through the Enterprise Reporting Service (ERS) module
The overarching vision is to allow all parties with the need to share access to pertinent data in a near-real-time, secure environment. Hence, the ERS module will also serve as the supervisor to determine which reports for each organization are approved by the assigned approver role before they are released to the DoD community. These reports are measured by the compliance and severity associated with the implementation of IA controls applied to their respective accreditation packages.