Enterprise Mission Assurance Support Service (eMASS)

**8 April Update — I’ve had some people challenge me on my definition of the eMASS. I am saying that the eMASS is with the DOD IT Portfolios Management systems (EITDR, DITPR DON et al), but from what I’ve been told this not true. I’ve been told that eMASS is still has not been released. If this is true than I guess its fair to call it a huge failure. I’ll keep you posted.**

The Enterprise Mission Assurance Support Service (eMASS) is a generic name for specific automated databases that are used to manage the DIACAP, keep track and manage DoD IT systems. Each branch has a different automated database (Fig 1). The USAF has the EITDR, The Navy has the DITPR-DON, and the Army has the APMS. Each of these databases satisfies Dodd IT portfolio management, certification and IT reporting directives addressed in DoD Directive 8115.01, signed October 10, 2005.

USAF Enterprise Information Technology Data Repository (EITDR)

The EITDR is a database controlled and managed by AFCA/EV. It includes information on most UNCLASS USAF IT systems. The DIACAP (along with many other documents – such as the Information Support Plan) is essentially uploaded into the EITDR. The Air Force has a process known as the Security, Interoperability, Supportability, Sustainability and Usability (SISSU) that is worked in tandem with the DIACAP process for achievement of the an ATO/ATC.

Department of NAVY DADMS/DITPR-DON

The DON CIO provides guidance on registration requirements for the DON Application and Database Management System (DADMS) and DoD IT Portfolio Registry (DITPR)-DON, which replaced the DON IT Registry. DITPR-DON is the single, authoritative source for data regarding DON IT systems, including National Security Systems. Registration of mission-critical, mission-essential and mission-support systems in DITPR-DON is central to establishing an accurate and reliable enterprise-wide inventory. Additionally, DITPR-DON is used to satisfy statutory and management reporting requirements, including Federal Information Security Management Act reporting and the Business Management Modernization Program certification process.

– http://www.doncio.navy.mil/TagResults.aspx?ID=22

Army Portfolio Management Solution

The The Army Portfolio Management Solution (APMS) is the Army’s system has four major modules: IT registration module, Domain Certification module, Capital Planning & Investment Mgt IT Prioritization Module and Capital Planning Investment Control IT Budget Reporting Module

All the databases do essentially the same thing. For the purpose of DIACAP, the Information Technology registration and IA certification components are the most important.

References:

DoD Regulation 5200.1-R , “DoD Information Security Program,” January 1997

DoDD 8115.01, “Information Technology Portfolio Management”, dated October 10, 2005

DoDD 8500.01E, “Information Assurance (IA),” dated April 23, 2007

DoD 8510.1-M, “DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Application Document”, dated July 31, 2000

DoDI 8551.1, “Ports, Protocols, and Services Management (PPSM) Release 6.9,” dated September, 2007

DoDD 8570.1, “Information Assurance Training, Certification, and Workforce Management,” dated August 15, 2004

DoDI 8570.1-M “Information Assurance Workforce Improvement Program,” dated December 19, 2005

Deputy Secretary of Defense Memorandum, “Information Technology Portfolio Management,” March 22, 2004

Federal Information Security Management Act (FISMA) (2002)

Information Assurance Support Environment (IASE)

Popularity: 5% [?]