Cybersecurity Maturity Model Certification (CMMC) Enterprise Mission Assurance Support-Service (eMASS) Instantiation Information Collection

ICR 202311-0704-006


Federal Form Document

Forms and Documents
No forms / supporting documents in this ICR. Check IC Document Collections.
ICR Details
Received in OIRA
Cybersecurity Maturity Model Certification (CMMC) Enterprise Mission Assurance Support-Service (eMASS) Instantiation Information Collection
New collection (Request for a new OMB Control Number)   No
Regular 11/16/2023
  Requested Previously Approved
36 Months From Approved
11,182 0
2,755 0
580,735 0

The CMMC Program provides for the assessment of contractor implementation of cybersecurity requirements to enhance confidence in contactor protection of unclassified information within the DoD supply chain. CMMC contractual requirements are implemented under a Title 48 acquisition rule, with associated rulemaking for the CMMC Program requirements (e.g., CMMC Scoring Methodology, certificate issuance, information accessibility) under a Title 32 program rule (32 CFR Part 170). The CMMC Title 32 program rule includes two separate information collection requests (ICR), one for the CMMC Program and this one for CMMC eMASS. The CMMC instantiation of eMASS is the electronic collection mechanism for collecting CMMC program data, which provides the Department of Defense (DoD) visibility of the CMMC Levels 2 and 3 certification assessment results. This information collection is necessary to support the implementation of the CMMC assessment process for CMMC Level 2 and Level 3 certification assessments, as defined in 32 CFR 170.17 and 170.18 respectively.

US Code: 5 USC 301 Name of Law: Departmental regulations
   PL: Pub.L. 116 - 92 1648 Name of Law: National Defense Authorization Act for Fiscal Year 2020

0790-AL49 Proposed rulemaking


IC Title Form No. Form Name
Accreditation Body submission of C3PAO information in eMASS
C3PAO submission of assessment data and results in eMASS

  Total Request Previously Approved Change Due to New Statute Change Due to Agency Discretion Change Due to Adjustment in Estimate Change Due to Potential Violation of the PRA
Annual Number of Responses 11,182 0 0 11,182 0 0
Annual Time Burden (Hours) 2,755 0 0 2,755 0 0
Annual Cost Burden (Dollars) 580,735 0 0 580,735 0 0
Miscellaneous Actions
This is a new collection with a new associated burden.

Nicholas Schuff 757 817-7203 [email protected]


On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
    (i) Why the information is being collected;
    (ii) Use of information;
    (iii) Burden estimate;
    (iv) Nature of response (voluntary, required for a benefit, or mandatory);
    (v) Nature and extent of confidentiality; and
    (vi) Need to display currently valid OMB control number;
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.

© 2023 | Privacy Policy