A reader who calls himself “Dis-appointed?” asks:
Dear Dr. RMF,
Are appointment letters required to obtain an eMASS account for the roles of ISSO, ISSM, and SCA? Also, are appointment letters required for executing the roles of ISSO, ISSM and SCA (outside of obtaining eMASS accounts)?
Dr. RMF Responds:
Dear Dis,
There is no DoD-wide policy regarding eMASS access. Access policies are maintained at the individual DoD component level. Dr. RMF therefore recommends you direct your question to the administrator of the particular eMASS system that your organization uses (e.g., Army eMASS, Air Force eMASS, Navy eMASS, etc.).
Dr. RMF recommends a formal appointment letter be given to each person with a designated “role” in the RMF process. This will ensure that they are aware of their responsibilities.
Also, for what it’s worth, please note there is not a “one to one match” between the eMASS account “roles” and the RMF “roles” as defined in DoD Instruction 8510.01.
Do you have an RMF dilemma that you could use advice on how to handle? If so, Ask Dr. RMF! BAI’s Dr. RMF consists of BAI’s senior RMF consultants who have decades of RMF experience as well as peer-reviewed published RMF research.
Want to see more of Dr. RMF? Watch our Dr. RMF video collection at https://www.youtube.com/c/BAIInformationSecurity
Dr. RMF submissions can be made at https://rmf.org/dr-rmf/