eMASS
Also known as: Enterprise Mission Assurance Support Service
eMASS, the Enterprise Mission Assurance Support Service, is the DoD system used to record and manage cybersecurity assessment and authorization data. In the CMMC context, C3PAO assessment results for Level 2 certification flow through the CMMC eMASS instance, while contractor self assessments are recorded in SPRS.
Related terms
- Supplier Performance Risk System
The Supplier Performance Risk System (SPRS) is the Department of Defense system of record where contractors post their NIST SP 800-171 assessment scores and CMMC affirmations. Contracting officers verify SPRS entries before award on solicitations that include DFARS 252.204-7019, -7020, or -7021.
- CMMC Third-Party Assessment Organization
A CMMC Third-Party Assessment Organization (C3PAO) is an entity accredited by the Cyber AB to perform CMMC Level 2 assessments on behalf of DoD contractors. C3PAOs are not used at Level 1, Level 1 is exclusively self-assessed, and they are not used at Level 3, which is assessed by DIBCAC.
- CMMC Level 2
CMMC Level 2 is the middle CMMC certification tier, covering contractors who handle Controlled Unclassified Information (CUI). It requires implementing all 110 controls of NIST SP 800-171 and undergoing either a self-assessment or a triennial assessment by a CMMC Third-Party Assessment Organization (C3PAO) depending on the program's prioritization.
- Procurement Integrated Enterprise Environment
The Procurement Integrated Enterprise Environment (PIEE) is the DoD's single sign-on portal for procurement-related applications, including SPRS, WAWF, and the CMMC Enterprise Mission Assurance Support Service. Contractors must hold a PIEE account to post SPRS scores or CMMC affirmations.