Note: Completing the additional fields is optional but recommended to assist with risk
management.

• Acronym, eMASS ID, ATO Expiration date, and End of Life date
• Status: Change status to Unapproved if system is not authorized
• Impact of Interruption: E.g., impact to mission, cost of interruption, and/or potential injury; information populates in Impact Description field of eMASS formatted POAM exports
• Mitigations: Enter high-level vulnerability-level mitigations (e.g., System is behind a local firewall, has HBSS deployed, is only accessed by a few people) and System-level mitigations (will populate as the mitigation for eMASS formatted POAM exports)

Rysk Score is assigned by Ryskview.

The Authorization Type and A & A System fields allow you to link systems that are used
across multiple locations and Program Offices. More details are provided in the next section,
Multi System Management.
Authorization Effort entries:

• Assess and Authorize(default): Use for typical Authorizations for Local Area Networks (LAN) or individual systems following the standard ATO Process
• Baseline: Use for a baseline system that will have deployed systems linked to it
• Deployment: Use for systems that will link to a baseline system
• Assess and Incorporate: Use for systems that will integrate into a broader system with continuous improvement and adaptation.

The Attachments section allows user to attach system-related files.
Click the Upload File button to select, attach, and upload files:

• Architecture Diagram
• Hardware/Software (HW/SW) List
• Memo of Agreement (MOA)