Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

NISP RMF A&A eMASS Due to Celebrate Four Year Anniversary on May 6, 2023

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

The National Industrial Security Program (NISP) Enterprise Mission Assurance Support Service (eMASS) - the official system of record for the NISP Risk Management Framework (RMF) Assessment and Authorization (A&A), turns four years old on May 06, 2023. 

Though the system of records for cleared contractors has not been without its challenges - overall - industry has largely accepted and embraced the migration from the previous A&A process.  Said NAO Chief David Scott. the NIST eMASS third-year anniversary in 2022, "The NISP Authorization Office (NAO) continues to implement NISP eMASS enhancements that streamline operations and provide superior visibility and tracking of all RMF A&A actions…After the success of the Package Approval Chain workflow modification, additional enhancements are in development to support the maturation of the RMF process while we provide improved capabilities to all stakeholders and address our users' evolving needs."  As of May 2022, eMASS had approximately 6,015 systems, 2,361 organizations/containers, and approximately 4,000 users.

The NAO is accountable for the Defense Counterintelligence and Security Agency’s (DCSA) timely, consistent policy implementation and A&A determinations nationwide, working closely with cleared defense industry, government contracting activities, and other DCSA industrial security personnel.

From Beginning to End, Complete Project Management for NIST RMF A&A within eMASS

With Arlington, we can manage your entire NIST RMF A&A process within eMASS from beginning to end (i.e., from the initial NIST RMF eMASS scoping & gap assessment to post-Authorization to Operate (ATO) activities), providing essential services for getting you to the finish line in terms of your ATO.  Core services and solutions offered include the following:

  • Scoping & Gap (i.e., Readiness) Assessments
  • Remediation Services (Policy and Procedures writing)
  • Remediation Services (Technical and Operational)
  • System Security Plan (SSP) Development
  • Completion of eMASS Export Control Spreadsheets
  • Continuous Monitoring (ConMon) Services

About Arlington


We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.  Learn more at arlingtonintel.com.