EMASS
   HOME

TheInfoList



Click Here for Items Related To - EMASS
OR:
EMASS on:   [Wikipedia]   [Google]   [Amazon]

The Enterprise Mission Assurance Support Service (eMASS) is a service-oriented computer application that supports
Information Assurance Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and data transmission, transmission of information. Information assurance includes protection of the data integrity, inte ...
(IA) program management and automates the Risk Management Framework (RMF) process.


Overview

eMASS is a service-oriented computer application that supports
Information Assurance Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and data transmission, transmission of information. Information assurance includes protection of the data integrity, inte ...
(IA) program management and automates the Risk Management Framework (RMF).NIST CSRC Risk Management Framework Overview (publicly accessible), https://csrc.nist.gov/projects/risk-management/rmf-overview The purpose of eMASS is to help the DoD to maintain IA situational awareness, manage risk, and comply with the
Federal Information Security Management Act The Federal Information Security Management Act of 2002 (FISMA, , ''et seq.'') is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (, ). The act recognized the importance of information security to the eco ...
(FISMA 2002) and the Federal Information Security Modernization Act (FISMA 2014). eMASS is owned by the
U.S. Department of Defense The United States Department of Defense (DoD, USDOD, or DOD) is an executive department of the U.S. federal government charged with coordinating and supervising the six U.S. armed services: the Army, Navy, Marines, Air Force, Space Force, t ...
(i.e., the software is not proprietary). The program is sponsored by the
Assistant Secretary of Defense for Networks and Information Integration The Assistant Secretary of Defense for Networks & Information Integration (ASD(NII)) was an appointed position that provided management and oversight of all DoD information technology, including national security systems. The ASD(NII) also served as ...
(ASD (NII)) and is managed by the
Defense Information Systems Agency The Defense Information Systems Agency (DISA), known as the Defense Communications Agency (DCA) until 1991, is a United States Department of Defense (DoD) combat support agency. It is composed of military, federal civilians, and contractors. D ...
(DISA) Program Executive Office for Mission Assurance and NetOps (PEO-MA). As the DoD's recommended tool for information system Assessment and Authorization (A&A), eMASS automates the A&A process, manages workflow among user roles, and generates a variety of reports based on user needs (including all reports required by RMF and FISMA). The functional capabilities of eMASS have evolved in response to requirements from DoD leadership and operational user feedback. eMASS is designed to work in concert with th
RMF Knowledge Service (CAC or ECA required)
and empowers the DoD IA workforce in support of the DoD 8500-series
Information Assurance Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and data transmission, transmission of information. Information assurance includes protection of the data integrity, inte ...
policy framework and implementation guidance. eMASS establishes strict process control mechanisms for obtaining authorization to connect to the DoD's
Global Information Grid The Global Information Grid (GIG), now referred to as the Department of Defense Information Network (DODIN), refers to the entire network of information transmission and processing capabilities maintained by the United States Department of Defens ...
(GIG) networks, which helps to reduce the risk of cyber attacks and to accomplish the goals of RMF.


eMASS as a Cloud Service

eMASS also provides C&A capabilities in the DoD’s
cloud computing Cloud computing is "a paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand," according to International Organization for ...
environment, the Rapid Access Computing Environment (RACE). According to DISA government officials, offering eMASS as a cloud service will help to significantly reduce the time required to certify and accredit DoD information systems."DISA Ramps Up Cloud Computing Platform," Washington Technology, 10/5/2009, http://washingtontechnology.com/articles/2009/10/05/disa-cloud-computing-platform.aspx


References

{{Reflist


External links


DoD Cyber Exchange

RMF Knowledge Service
(requires DoD PKI certificate or DoD ECA)
Defense Information Systems Agency

DoD IA Policy Chart - Build and Operate a Trusted DoDIN
Information Assurance Certification and Accreditation Program