EMASS
**15 March 14 Update – eMASS will match the process/procedure and IA Controls of the new RMF for DoD IT that is replacing the DIACAP. Â **
discussed here a little:Â http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2012-10/ispab_oct2012_dcussatt_dod-rmf-transition-brief.pdf
**30 Aug 11 Update to eMASS info. Previous information mixed eMass with IT Portfolio Management systems. There was a lot of confusion about eMASS due to is very late release following the official publication of DoDI 8510, DIACAP**
eMASS is a database managed by the DoD created to store, track and manage the activities of the Certification & Accreditation process (and/or risk management framework steps). The database is managed on the NIPR & SIPR. For more information refer to:
Information Assurance Support Environment (IASE)
eMASS vs. IT Portolio Management Systems
eMASS should not be confused with IT Portfolio management system addressed in DoDD 8115.01, “Information Technology Portfolio Management”:
USAF Enterprise Information Technology Data Repository (EITDR)
Department of NAVY DADMS/DITPR-DON
The DON CIO provides guidance on registration requirements for the DON Application and Database Management System (DADMS) and DoD IT Portfolio Registry (DITPR)-DON, which replaced the DON IT Registry. DITPR-DON is the single, authoritative source for data regarding DON IT systems, including National Security Systems. Registration of mission-critical, mission-essential and mission-support systems in DITPR-DON is central to establishing an accurate and reliable enterprise-wide inventory. Additionally, DITPR-DON is used to satisfy statutory and management reporting requirements, including Federal Information Security Management Act reporting and the Business Management Modernization Program certification process.
— http://www.doncio.navy.mil/TagResults.aspx?ID=22
Army Portfolio Management Solution
The The Army Portfolio Management Solution (APMS) is the Army’s system has four major modules: IT registration module, Domain Certification module, Capital Planning & Investment Mgt IT Prioritization Module and Capital Planning Investment Control IT Budget Reporting Module
All the databases do essentially the same thing. For the purpose of DIACAP, the Information Technology registration and IA certification components are the most important.
References:
DoD Regulation 5200.1-R , “DoD Information Security Program,†January 1997
DoDD 8115.01, “Information Technology Portfolio Management”, dated October 10, 2005
DoDD 8500.01E, “Information Assurance (IA),” dated April 23, 2007
DoDI 8551.1, “Ports, Protocols, and Services Management (PPSM) Release 6.9,” dated September, 2007
DoDI 8570.1-M “Information Assurance Workforce Improvement Program,†dated December 19, 2005