Skip to Main Content

An official website of the Commonwealth of Massachusetts

,
December 10, 2025

NOTICE: MMARS to Mosaic Conversion Activities Will Replace Mid-Year Department Security Officer (DSO) Enterprise Security Access Review

CTR Compliance Corner

To reduce the burden during the transition from MMARS to Mosaic, CTR is working directly with Department Security Officers (DSOs) on enterprise systems security access. All active MMARS users will be converted to Mosaic and given the security roles that best match their current assignments. CTR will be confirming users directly with DSOs to address any recent retirements, terminations or transfers.

For this year (Fiscal Year 2026) only, DSOs will not have to complete the formal mid-year Enterprise Systems Security Certification. Instead, departments should ensure that a sufficient number of DSOs have been designated to support anticipated security updates during absences and leaves. If your department only has one back up DSO, consider having additional back up DSOs designated and trained in Mosaic so you have sufficient coverage.

Now is also a good time for DSOs to review current MMARS user lists. Confirm which users will be migrated to Mosaic and remove any who have transferred, retired, or otherwise left the department and will not be converted.

Department Primary DSO and Backup DSOs are designated using the Key State Finance Law Compliance Responsibilities Update Form.

Action Steps

Your Internal Control Officer (ICO) should review your written system of internal controls to ensure it is current and supports these training compliance goals. Your ICO can also help verify that the department head is accurately certifying compliance in the annual Internal Control Certification.

Bookmark our CTR Compliance Corner as your one-stop shop for alerts and success factors that you can integrate into your daily operations to keep you safe on your mission.