Marines

HomeNewsMessagesMessages Display

TRANSITIONING SERVICE TOOL USED FOR SYSTEM CYBERSECURITY ASSESSEMENT AND AUTHORIZATION
Date Signed: 7/10/2025 | MARADMINS Number: 324/25
PRINT
MARADMINS : 324/25

R 101606Z JUL 25
MARADMIN 324/25
MSGID/GENADMIN/CMC DCI WASHINGTON DC// 
SUBJ/TRANSITIONING SERVICE TOOL USED FOR SYSTEM CYBERSECURITY
ASSESSEMENT AND AUTHORIZATION// 
REF/A/DOC/DODI 8510.01/19 JUL 2022// 
NARR/REF A IS THE DOD INSTRUCTION ON RISK MANAGEMENT FRAMEWORK FOR
DOD SYSTEMS THAT DIRECTS DOD COMPONENTS TO MAINTAIN VISIBILITY OF
ASSESSMENT AND AUTHORIZATION STATUS OF COMPONENT SYSTEMS THROUGH
AUTOMATED ASSESSMENT AND AUTHORIZATION TOOLS// 
POC/WILLIAM J.  BUSH /CIV/AUTHORIZING OFFICIAL DESIGNATED
REPRESENTATIVE (AODR)/COMM:703-693/-5773/EMAIL:
WILLIAM.BUSH@USMC.MIL// 
POC/RODDY.STATEN/CIV/CYBER STRATEGY/COMM:571-256-8875 
EMAIL:RODDY.STATEN@USMC.MIL// 
GENTEXT/REMARKS/1.  This message formally announces the Marine
Corps’ plan to transition from the use of the Marine Corps
Compliance and Authorization Support Tool (MCCAST) to the use of
DoD’s Enterprise Mission Assurance Support System (eMASS) service
for system cybersecurity assessment and authorization (A&A). eMASS
will provide the Marine Corps with required Risk Management
Framework (RMF) processing capabilities, not supported by MCCAST,
that will improve the ability of Marine Corps users to categorize 
assets, implement appropriate security controls, evaluate
vulnerabilities and respond to emerging threats.  
2.  Situation: 
2.a.   Transitioning from MCCAST to eMASS will provide the Marine
Corps with access to a fully compliant DoD enterprise RMF service
able to support all procedures directed by ref (a).  
2.b.   Users will cease use of both NIPR and SIPR MCCAST versions
and transition to the use of eMASS NLT 11 Dec 2025.  Detail
instructions for MCCAST data migration and new USMC eMASS user start
dates will be provided via separate correspondence (SEPCOR) to
include use of MCCAST email alerts. 
2.c.  eMASS user training will be provided to all Marine
Corps RMF implementers, prior to their transition to eMASS.   
2.d.   For this message, the term “RMF Implementers” collectively
refers to personnel performing the following RMF roles: Authorizing
Official (AO), Authorizing Official Designated Representative
(AODR), Security Control Assessor (SCA), Program Manager (PM),
Information System Security Manager (ISSM), Information System
Security Engineer (ISSE), Organization ISSMs, Organization
Information System Security Officers (ISSO), Systems Owner, Marine
Corps Fully Qualified Validator (MCFQV), G-6/G-6 Staff. 
3.  Mission. To inform RMF implementers and their Commanders/
Officer-in-Charge about the need for this transition and its
implementation approach.  
3.a.  Transition Need:  
3.a.1.  eMASS will replace MCCAST as the Marine Corps’ primary A&A
tool and provide a DoD interoperable enterprise supported A&A
solution that automates a broad range of services for comprehensive,
fully integrated cybersecurity management.  
3.a.2.  This transition will allow the Marine Corps to shift
resources (i.e., funds and personnel) from conduct of MCCAST program
management, to the procurement of a fully RMF compliant DoD
enterprise Software as a Service (SaaS) that meets all Marine Corps’
cybersecurity A&A requirements.  
3.a.3.   For MCCAST users, the transition to eMASS is an upgrade to
a proven enterprise service, that is stable, reliable and able to
provide faster access to RMF process improvements, such as automated
security control inheritance, enterprise level visibility of
reciprocity authorization packages, specially modified process
overlays, and enterprise maintenance of security controls updated
with industry standards (e.g., NIST Special Publication
(SP) 800-53 Rev. 5).  
3.b.  Transition Approach:  
3.b.1. Funding. 
3.b.1.a.  DISA eMASS Program Management Office (PMO) transition
services and subsequent USMC eMASS instance operation and
maintenance will be contracted using funding provided by Deputy
Commandant for Information (DC I).   
3.b.1.b. Contracted services will include eMASS in-person training
planned in support of USMC MCCAST to eMASS user transition.  
3.b.1.c.  DISA eMASS PMO has successfully supported USA, USAF,
and USN eMASS transitions and currently provides in-person
eMASS training for the Services.   
3.b.2.  Data and User Migration Strategy.  
3.b.2.a. Both automated and manual USMC RMF implementer data entry
will be used to complete the transfer of MCCAST authorization
package data to eMASS.  A DC I IC4 (CY) transition team will provide
detail instructions for data migration and eMASS registration during
several planned virtual Town-Hall transition conferences.   
3.b.2.b.  The transition of all MCCAST authorization packages
(data) to eMASS, and the changing-over of all users to eMASS will be
carried out in a phased approach. The total work effort
(i.e., migrating all data between A&A tools and changing over MCCAST
users to the new tool) will be broken into three groupings across
three designated time frames to minimize implementation risk.   
3.b.2.c. An initial set of 16 systems will be piloted through the
transition process to test and confirm the effectiveness of initial
planning. On-going transition will be modified as necessary, based
on post-transition pilot observations. 
3.b.2.d.  Planned Transition Phases.  
3.b.2.d(1) Jun – Jul 2025: Phase 1 (1/3 of systems and user
transition); includes pilots.    
3.b.2.d(2) Aug 2025: Phase 2 (1/3 of systems and user transition)    
3.b.2.d(3) Sep 2025: Phase 3 (1/3 of systems and user transition)    
3.b.2.d(4) Both Marine Corps NIPR and SIPR eMASS instances are
expected to reach Final Operational Capability (FOC) by Oct 2025. 
4. Execution: Commander’s intent. To inform USMC RMF implementers,
and their Commanders/Officers-in-Charge, of planned transition
activities.  
5. Concept of Operations. The Marine Corps Authorizing Official
Designated Representative (DC I IC4 ICC-Y) and a team of RMF subject
matter experts will host on-going MCCAST to eMASS Town Hall meetings
(i.e., virtual conferencing sessions) for the RMF implementer
workforce (CONUS and OCONUS), via Microsoft 365 Teams. These 
sessions will provide users with guidance for continuation of system
A&A operations during the transition, deliver general information
about the eMASS A&A tool, communicate transition instructions, and
identify projected eMASS training opportunities. 
6.  Tasks: 
6.a.  Marine Corps Authorizing Official Designated Representative
(AODR)/IC4 Deputy Compliance Branch Head (Cybersecurity).  
6.a.1.  Marine Corps AODR is the Director Information Command,
Control, Communication and Computers, Deputy Commandant for
Information (Dir IC4, DC I) lead for the MCCAST to eMASS transition
planning and execution. 
6.a.2.  An IC4 ICC CY Transition Team will provide USMC RMF
implementers with MCCAST data migration and eMASS registration
instructions during scheduled MCCAST to eMASS Town Hall Meetings
(Town Hall date/time sent via MCCAST email notification to users).  
6.b.  DISA’s eMASS Program Management Office (PMO). 
6.b.1.  Will establish and maintain the Marine Corps NIPR and SIPR
eMASS instances according to contracted service agreements.
6.b.2.  Provide in-person eMASS user training.  
6.b.3.  Use MCCAST email notifications as an additional means of
communications to provide current MCCAST RMF implementers with
transition action alerts and instructions throughout the
transition process.
6.c.  RMF Implementers. 
6.c.1.  RMF Implementers (i.e., PMs and ISSM/ISSE/ISSOs) will work
together to ensure their NIPR and SIPR MCCAST authorization package
data is migrated to eMASS as instructed by the IC4/DISA eMASS PMO
Transition Team.
6.c.2.  RMF Instructions for authorization package data migration
and eMASS user registration will be provided during the scheduled
Town Hall meetings.  
7.  Administration and logistics: eMASS Projected Training Locations
and Dates. 
7.a.  All eMASS users must complete both foundational and in-person
training.  
7.a.1.  eMASS Foundational Training - eMASS Computer-Based Training
(CBT) online at: https://cybersecurityks.osd.mil/rmfresources/
eMASS/CBT/index.html. 
7.a.2.  eMASS In-Person Training  
July 2025: eMASS In-Person Training (East), MCB Quantico, and
Camp Lejeune. 
Aug 2025: eMASS In-Person Training (West), Camp Pendleton. 
Sep 2025: eMASS In-Person Training (MARFORPAC), MCB Hawaii. 
Oct 2025: MCCES, MCAGCC.   
8.  Command relationships. Marine Corps Authorizing Official
Designated Representative (AODR)/Deputy Compliance Branch Head
(Cybersecurity) is Director Information Command, Control,
Communication and Computers, Deputy Commandant for Information’s
(Dir IC4, DC I) lead for the MCCAST to eMASS transition.
9.  Release authorized by Lieutenant General M. G. Carter,
Headquarters Marine Corps, Deputy Commandant for Information.//