Accelerating authorization: DoD mission owners can now coordinate with Microsoft on eMASS
The Department of Defense (DoD) has approved Microsoft access to the Enterprise Mission Assurance Support Service (eMASS). This allows DoD mission owners to coordinate with Microsoft on access to the Azure security authorization packages, including control inheritance and control implementation details required to accelerate their authorization.
eMASS is the DoD cybersecurity governance, risk, and compliance (GRC) tool that provides an integrated suite of authorization capabilities to improve cyber risk management, including context to understand mission impact by establishing process control mechanisms for obtaining authorization to operate (ATO) decisions. eMASS automates a broad range of processes for comprehensive, fully integrated cybersecurity management including dashboard reporting, workflow automation, and continuous monitoring supporting Risk Management Framework (RMF) for Assessment and Authorization (A&A).
Today, all eMASS users including DoD mission owners, contractors, and system integrators can submit Azure system-level control inheritance request via NIPR directly to the Azure Compliance Team for the following systems.
- Microsoft Azure DoD Platform-as-a-Service (PaaS) Impact Level 5 (L5)
- Microsoft Azure DoD Infrastructure-as-a-Service (IaaS) Impact Level 5 (L5)
- Microsoft Azure Government Infrastructure-as-a-Service (IaaS) Impact Level 4 (L4)
- Microsoft Azure Government Platform-as-a-Service (PaaS) Impact Level 4 (L4)
- Microsoft Azure Commercial Infrastructure-as-a-Service (IaaS) Impact Level 2 (L2)
- Microsoft Azure Commercial Platform-as-a-Service (PaaS) Impact Level 2 (L2)
With Microsoft now having direct access to eMASS, the Azure Compliance Team can continue supporting our DoD customers by:
- Approving system-level control inheritance requests via eMASS.
- Strengthening the security posture of mission owner systems by providing the continuous update and validation of the Azure system authorization packages.
- Directly interfacing with eMASS users to provide them with the direct support needed to unblock and accelerate their compliance efforts within Azure, such as automated controls inheritance with eMASS.
- Accelerating Azure ATO re-authorization efforts, including package readiness for 3PAO assessment and DoD authorization official (AO) reviews and approvals.
All DoD mission owner control inheritance requests are addressed on a per request basis. Please email AzureFedRAMP@microsoft.com for all support requests and Azure compliance questions.
Our organization has requested manual inheritance for one of the systems listed, however the status is currently “Pending since 22-Jun-2021”. Is there anything specific you need to approve this request?