Cyber Security

The Differences between the Three eMASS Training Courses

March 31, 2016

Bita Beigishah

No matter what role you hold in the Risk Management Framework (RMF) process, you need to understand how to use eMASS. This post breaks down the differences between each course and hopefully makes the process of choosing the right one a little easier.

Who actually could benefit from eMASS training?

eMASS training is designed for anyone who uses or directly manages users of eMASS. These students typically fall in one of the following RMF roles:

  1. Head of Agency
  2. Risk Executive (Function)
  3. Chief Information Officer (CIO)
  4. Information Owner/Steward
  5. Senior Information Security Officer (ISO)
  6. Authorizing Official
  7. Authorizing Official Designated Representative
  8. Common Control Provider
  9. Information System Owner
  10. Information System Security Officer
  11. Information Security Architect
  12. Information System Security Engineer
  13. Security Control Assessor

Need more information about what eMASS is? Then head to our blog post by the eMASS curriculum developer and trainer, Josh Burnett!

What are the differences between the direct-user, workshop and manager’s overview courses?

Enroll in an eMASS Course

eMASS Direct User Training


This is the most in-depth eMASS training currently on the market. One big difference between this course and the others is that it can only be delivered privately at an approved facility. In order to access the test version of eMASS required to perform this class’ labs, the facility must meet a number of network and security requirements. This is also the only eMASS training course that involves extensive hands-on work in a sandbox version of eMASS.

This course examines each role of eMASS and how to use its assigned tools properly. The course works well when combined with either RMF or (ISC)² CAP training. 

eMASS Workshop


Frankly put, this is the training you take if you can’t meet the facility requirements needed to schedule an eMASS Direct User course. There is really nothing different in terms of the lecture part of this course in comparison to the one above. You miss out on the two days of labs.

However, don’t feel discouraged about missing the labs because you still receive the same lab manual that Direct User students receive. You will need to work the labs on your own time at a computer with eMASS access.

Similar to the Direct User option, this training works well when combined with either RMF or (ISC)² CAP training.

eMASS Manager’s Overview


While managers definitely get a ton of value out of either user-level course, they often don’t have the time to commit to several days of training. The Manager’s Overview course solves that problem by providing a condensed training that still reviews all of the eMASS roles and tools that need to be used. It covers roughly the amount of time needed to execute various tasks within eMASS.

This provides managers with a greater sense of their employees’ workloads and allows them to create more realistic deadlines. It enables managers to eliminates the opportunity that an employee might pad the actual amount of time needed to perform any given task (not that any employee would really do something like that).

Time permitting, this course works great when combined with CISO, CISA or CISM training.

subscribe by email

Stay Ahead

Phoenix TS needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.