{"id":20585,"date":"2021-06-17T11:03:03","date_gmt":"2021-06-17T18:03:03","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/azuregov\/?p=20585"},"modified":"2025-06-18T13:38:10","modified_gmt":"2025-06-18T17:38:10","slug":"accelerating-authorization-dod-mission-owners-can-now-coordinate-with-microsoft-on-emass","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/azuregov\/accelerating-authorization-dod-mission-owners-can-now-coordinate-with-microsoft-on-emass\/","title":{"rendered":"Accelerating authorization: DoD mission owners can now coordinate with Microsoft on eMASS"},"content":{"rendered":"<p><span data-teams=\"true\">The Department of Defense (DoD) has approved Microsoft\u2019s access to the Enterprise Mission Assurance Support Service (eMASS), enabling DoD mission owners to collaborate directly with Microsoft on Azure security authorization packages. This includes streamlined access to control inheritance and implementation details necessary to accelerate authorizations. This milestone was achieved in collaboration with the Defense Information Systems Agency (DISA) and Booz Allen Hamilton (BAH), by translating Microsoft Azure SSPs into a machine-readable format and ingesting them into eMASS using <a href=\"https:\/\/pages.nist.gov\/OSCAL\/\">NIST\u2019s Open Security Controls Assessment Language (OSCAL)<\/a>.<\/span><\/p>\n<p><a href=\"https:\/\/disa.mil\/~\/media\/Files\/DISA\/Fact-Sheets\/eMASS.pdf\" target=\"_blank\" rel=\"noopener\">eMASS<\/a> is the DoD cybersecurity governance, risk, and compliance (GRC) tool that provides an integrated suite of authorization capabilities to improve cyber risk management, including context to understand mission impact by establishing process control mechanisms for obtaining authorization to operate (ATO) decisions. eMASS automates a broad range of processes for comprehensive, fully integrated cybersecurity management including dashboard reporting, workflow automation, and continuous monitoring supporting Risk Management Framework (RMF) for Assessment and Authorization (A&amp;A).<\/p>\n<p><span data-contrast=\"auto\">Today, all eMASS users including DoD mission owners, contractors, and system integrators can submit Azure system-level control inheritance request via NIPR directly to the Azure Compliance Team for the following systems.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ul>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"5\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Microsoft Azure DoD Platform-as-a-Service\u00a0(PaaS)\u00a0Impact Level 5\u00a0(L5)<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"5\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Microsoft Azure\u00a0DoD\u00a0Infrastructure-as-a-Service\u00a0(IaaS)\u00a0Impact Level 5\u00a0(L5)<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"5\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Microsoft Azure Government\u00a0Infrastructure-as-a-Service\u00a0(IaaS)\u00a0Impact Level 4\u00a0(L4)<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"5\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Microsoft Azure Government\u00a0Platform-as-a-Service\u00a0(PaaS)\u00a0Impact Level 4\u00a0(L4)<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"5\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Microsoft Azure\u00a0Commercial\u00a0Infrastructure-as-a-Service\u00a0(IaaS)\u00a0Impact Level 2\u00a0(L2)<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"5\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Microsoft Azure Commercial\u00a0Platform-as-a-Service\u00a0(PaaS)\u00a0Impact Level 2\u00a0(L2)<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">With\u00a0Microsoft\u00a0now having direct access to eMASS,\u00a0the Azure Compliance\u00a0Team\u00a0can continue supporting our DoD customers\u00a0by:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<ol>\n<li><span data-contrast=\"auto\">Approving\u00a0system-level\u00a0control inheritance requests\u00a0via\u00a0eMASS.<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"auto\">Strengthening\u00a0the security posture of\u00a0mission\u00a0owner\u00a0systems by providing\u00a0the\u00a0continuous update and validation of the\u00a0Azure\u00a0system\u00a0authorization\u00a0packages.<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Directly\u00a0interfacing\u00a0with eMASS users\u00a0to provide them with the direct support needed to\u00a0unblock\u00a0and accelerate\u00a0their\u00a0compliance efforts within\u00a0Azure,\u00a0such as automated controls inheritance with eMASS.<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li><span data-contrast=\"none\">Accelerating\u00a0Azu<\/span>re ATO re-authorization efforts,\u00a0including package readiness for\u00a03PAO\u00a0assessment and\u00a0DoD\u00a0authorization official (AO)\u00a0reviews and approvals.<\/li>\n<\/ol>\n<p>All DoD mission owner control inheritance requests are addressed on a per request basis. Please email <a href=\"mailto:AzureFedRAMP@microsoft.com\">AzureFedRAMP@microsoft.com<\/a> for all support requests and Azure compliance questions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Department of Defense (DoD) has approved Microsoft access to the Enterprise Mission Assurance Support Service (eMASS). This allows DoD mission owners to coordinate with Microsoft on access to the Azure security authorization packages, including control inheritance and control implementation details.<\/p>\n","protected":false},"author":64033,"featured_media":20587,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[75,91,95,216,3446,3447,316,394,502],"class_list":["post-20585","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azuregov","tag-azure","tag-azure-gov","tag-azure-government","tag-cybersecurity","tag-emass","tag-enterprise-mission-assurance-support-service","tag-government-cloud","tag-microsoft","tag-security"],"acf":[],"blog_post_summary":"<p>The Department of Defense (DoD) has approved Microsoft access to the Enterprise Mission Assurance Support Service (eMASS). This allows DoD mission owners to coordinate with Microsoft on access to the Azure security authorization packages, including control inheritance and control implementation details.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/posts\/20585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/users\/64033"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/comments?post=20585"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/posts\/20585\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/media\/20587"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/media?parent=20585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/categories?post=20585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/azuregov\/wp-json\/wp\/v2\/tags?post=20585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}