The ServiceNow® Continuous Authorization and Monitoring (CAM) application makes it easier for government agencies, contractors, and high-security organizations to follow the National Institute of Standards and Technology (NIST) risk management framework. It supports standards like the NIST Risk Management Framework (RMF) and International Organization for Standardization (ISO) 31000. CAM drives digital transformation across the entire risk management lifecycle, which results in reduced manual effort, improved collaboration across teams, and seamless adaptation to specific processes. The application automates numerous tasks, including authorization, boundary management, impact assessments, system categorization, control implementation, audits, plans of action, artifact management, attestations, continuous monitoring, and ongoing authorization.
- Homepage
- Overview of Boundary
- Overview of Package
- Unified Tasks page
- Contextual Pane: Boundary, Package, Control & Control Objectives
- POA&M Landing page
- 360 View
- Dashboards in Platform Analytics (Integrated)
- OSCAL export and import of Catalog & SSP
- ATO Artifacts (SSP, SAR, POA&M, SAP, ATO Letter, Executive Summary)
- Reporting capabilities now supported in Word templates
Fixed:
- Fixed typography and color issues for the CORAL theme across the CAM workspace, namely the CAM homepage, package overview, and boundary overview.
- Fixed accessibility issues related to the label drop-down on the POA&M landing page.
- Fixed accessibility issues related to zoom on the CAM homepage.
The following Governance, Risk, and Compliance (GRC) applications must be installed and active:
- GRC: Continuous Authorization and Monitoring (com.sn_irm_cont_auth_monitor).
- GRC: Common Workspace Elements (com.sn_grc_workspace).
- ServiceNow IntegrationHub Action Step—Zip (com.glide.hub.action_step.zip) for OSCAL Export.
Permissions and roles:
- Role required to install the app: System Admin (admin)
When you upgrade this application, make sure to upgrade any other installed GRC applications to the equivalent release version. For example, Continuous Authorization and Monitoring version 19.x is certified to work with other version 19.x GRC applications.