Using eMASS to Automate the IA Process

Using eMASS to Automate the IA Process

eMASS is a web-based application that provides system security authorization capabilities. Access is granted through DoD Common Access Cards (CAC). DISA offers both an online eMASS course and limited classroom training on this system; commercial providers often offer more in-depth courses.

eMASS allows all roles within an A&A chain to automate their input to the RMF process and provides continuous monitoring of systems which have already been approved.

emass is easy to use

eMASS is an automated tool for all stages of IA, from project conception through installation of systems. As part of Defense Information Technology Agency (DISA) Risk Management Framework and mandated by both DoD CIO and DISA guidance, eMASS gives seven roles within the IA chain an opportunity to automate their contributions towards RMF A&A process.

Prior to this tool, security personnel had to manually create checklists that combined non-technical data, POAM/waiver information, human controls and XCCDF scan results into checklists that they would then load into eMASS for each endpoint – a laborious and time consuming task.

SteelCloud has collaborated closely with its military customers and DISA to revolutionize how EMASS STIG Viewer Checklist data is managed. Through a digital transformation, this new way integrates documentation, manual, control exceptions and machine controls seamlessly, producing fully populated checklists quickly – making eMASS easier for all members of an IA chain to use.

emass is secure

Traditionally, security personnel manually pre-populate checklists for each policy that include nontechnical data like POAM/waiver waiver data with XCCDF output from system scans. Once complete, these individual checklists are uploaded into eMASS via an inefficient manual process; making consistency, timeliness and error handling an ongoing challenge for security chains. DISA also implemented an “inactivity timeout”, deactivating accounts after 35 days of inactivity in an effort to help prevent security breaches.

emass is easy to customize

GMass stands out from other Gmail mail merge add-ons by operating entirely within an email draft itself – unlike others which rely on Google Sheets as the hub of operations for running mail merges. This makes accessing mail merge fields much simpler without switching back and forth between spreadsheets and Gmail.

GMass makes personalizing mass emails simple with its first name personalization feature, making it simple and efficient to include personalized content for every recipient in a mass mailing. By automatically recognizing their first names from email addresses, this feature makes inclusion effortless – eliminating time spent manually sorting through long lists of names one-by-one.

GMass makes it simple and effortless to include personalized attachments in mass emails. No matter if it’s tenant invoices, students report cards or any other files – simply upload all of them to Google Drive or Dropbox, link them in your spreadsheet and GMass will attach them automatically when sending out each message. GMass even supports dynamically generated filenames so there’s no need for creating and saving folders separately for each email sent; plus it shows you exactly how many recipients were sent each version! Plus if running A/B tests – GMass will let you know exactly how many recipients were sent each version!

Sam is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.