Enterprise Mission Assurance Support Service (eMASS)

by Bruce Brown | 9 Comments


**15 March 14 Update – eMASS will match the process/procedure and IA Controls of the new RMF for DoD IT that is replacing the DIACAP.  **

discussed here a little: http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2012-10/ispab_oct2012_dcussatt_dod-rmf-transition-brief.pdf

**30 Aug 11 Update to eMASS info. Previous information mixed eMass with IT Portfolio Management systems. There was a lot of confusion about eMASS due to is very late release following the official publication of DoDI 8510, DIACAP**

eMASS is a database managed by the DoD created to store, track and manage the activities of the Certification & Accreditation process (and/or risk management framework steps). The database is managed on the NIPR & SIPR. For more information refer to:
Information Assurance Support Environment (IASE)

eMASS vs. IT Portolio Management Systems

eMASS should not be confused with IT Portfolio management system addressed in DoDD 8115.01, “Information Technology Portfolio Management”:

USAF Enterprise Information Technology Data Repository (EITDR)


The DON CIO provides guidance on registration requirements for the DON Application and Database Management System (DADMS) and DoD IT Portfolio Registry (DITPR)-DON, which replaced the DON IT Registry. DITPR-DON is the single, authoritative source for data regarding DON IT systems, including National Security Systems. Registration of mission-critical, mission-essential and mission-support systems in DITPR-DON is central to establishing an accurate and reliable enterprise-wide inventory. Additionally, DITPR-DON is used to satisfy statutory and management reporting requirements, including Federal Information Security Management Act reporting and the Business Management Modernization Program certification process.


Army Portfolio Management Solution

The The Army Portfolio Management Solution (APMS) is the Army’s system has four major modules: IT registration module, Domain Certification module, Capital Planning & Investment Mgt IT Prioritization Module and Capital Planning Investment Control IT Budget Reporting Module

All the databases do essentially the same thing. For the purpose of DIACAP, the Information Technology registration and IA certification components are the most important.


DoD Regulation 5200.1-R , “DoD Information Security Program,” January 1997

DoDD 8115.01, “Information Technology Portfolio Management”, dated October 10, 2005

DoDD 8500.01E, “Information Assurance (IA),” dated April 23, 2007

DoD 8510.1-M, “DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Application Document”, dated July 31, 2000

DoDI 8551.1, “Ports, Protocols, and Services Management (PPSM) Release 6.9,” dated September, 2007

DoDD 8570.1, “Information Assurance Training, Certification, and Workforce Management,” dated August 15, 2004

DoDI 8570.1-M “Information Assurance Workforce Improvement Program,” dated December 19, 2005

Deputy Secretary of Defense Memorandum, “Information Technology Portfolio Management,” March 22, 2004

Federal Information Security Management Act (FISMA) (2002)

Information Assurance Support Environment (IASE)

9 Comments on Enterprise Mission Assurance Support Service (eMASS)

  1. keith yockey
    February 20, 2008 at 1:32 pm (12 years ago)

    Do each service’s eMASS systems connect at DoD level so services can access other service accreditations?

  2. elamb.security
    February 20, 2008 at 10:16 pm (12 years ago)

    Not that I know of. I know the JITC has some site that allows joint systems data (ISPs, TISP) to be uploaded.


  3. Mike
    November 10, 2008 at 8:32 pm (11 years ago)

    I currently work for an AF MAJCOM A6 and we’re not using eMASS. Furthermore, from what AFCA has told me, there is no interface between eMASS and EITDR. So, if you use eMASS for C&A, then you’d have to somehow migrate that data to EITDR for your accreditation decision and connection decision.

    Anyone worked with EITDR v2.8 yet? It was just released last week….

  4. Rene
    November 3, 2009 at 7:35 pm (10 years ago)

    Enter text right here!
    For those of you who already use eMass, what are some of the features would you like to have written in a white paper?

  5. Dan
    November 25, 2009 at 1:59 pm (10 years ago)

    If a software product is DADMS approved, does that allow Navy and Marine Corp administrators to purchase, install and run on all networks? Does DADMS provide an authority to operate?

  6. James
    February 3, 2010 at 6:14 pm (10 years ago)

    Tieing this post together ASD (NII) / DoD CIO has sponsered the migration of a desktop application to develop ISPs to a webservice hosted by DISA. That is anticipated to be complete in August 2010. Currently DoD programs upload their ISP to a DISA website for review which is mentioned above. This developing website already pulls info from DITPR and is looking to expand its ability. The hope is to pull info from disparate databases into an aggregated site where DoD CIO can easily maintain their statutory and regulatory requirements for DoD acquisition. Building ties into Services IT registries will become important to oversight role.


3Pingbacks & Trackbacks on Enterprise Mission Assurance Support Service (eMASS)

  1. […] of being audited annually to make sure it is in compliance with federal regulations.  The eMASS IT Portfolio management systems (EITDR, DITPR-DON, APMS) also has this feature intergrated into its […]

  2. […] none of its C&A (soon Risk Management Framework) through EITDR. The USAF is moving to the eMASS. As of Aug 2011, the USAF is still using EITDR to do IT portfolio management (to remain compliant […]

Leave a Reply

Your email address will not be published. Required fields are marked *

Comment *