The ServiceNow® Continuous Authorization and Monitoring (CAM) application makes it easier for government agencies, contractors, and high-security organizations to follow the National Institute of Standards and Technology (NIST) risk management framework. It supports standards like the NIST Risk Management Framework (RMF) and International Organization for Standardization (ISO) 31000. CAM drives digital transformation across the entire risk management lifecycle, which results in reduced manual effort, improved collaboration across teams, and seamless adaptation to specific processes. The application automates numerous tasks, including authorization, boundary management, impact assessments, system categorization, control implementation, audits, plans of action, artifact management, attestations, continuous monitoring, and ongoing authorization.
- Homepage
- Overview of Boundary
- Overview of Package
- Unified Tasks page
- Contextual Pane—Boundary, Package, Control & Control Objectives.
- POA&M Landing page.
- 360 View
- Dashboards in Platform Analytics (Integrated).
- OSCAL export and import of Catalog & SSP.
- ATO Artifacts (SSP, SAR, POA&M, SAP, ATO Letter, Executive Summary).
- Reporting capabilities now supported in Word templates.
New:
- The CAM Workflow configurator has been introduced so that administrators can configure multiple workflows based on various frameworks.
- CAM workspace homepage has been enhanced to support CORAL theme capabilities.
- The Authorization Package and Boundary layout has been changed to a vertical layout in the workspace experience.
- Import and export of the OSCAL POA&M model is now supported from the workspace.
- OSCAL import has been enhanced with user mapping capabilities.
Changed:
- Hybrid controls are now displayed in the 360° View.
- Incident and Vulnerability-related lists for the package are now visible.
Fixed:
- The POA&M-related list is now consistently shown starting from the Implement step across both Classic and Workspace.
- OSCAL defect fixes.
- System Owner field now gets auto-populated for the Authorization boundary.
- Inherited control was incorrectly enabled for baseline controls marked as “Common.” This is now fixed—inheritance is disabled as expected.
- Fixed security defects.
The following Governance, Risk, and Compliance (GRC) applications must be installed and active:
- GRC: Continuous Authorization and Monitoring (com.sn_irm_cont_auth_monitor).
- GRC: Common Workspace Elements (com.sn_grc_workspace).
- ServiceNow IntegrationHub Action Step—Zip (com.glide.hub.action_step.zip) for OSCAL Export.
Permissions and roles:
- Role required to install the app: System Admin (admin)
When you upgrade this application, make sure to upgrade any other installed GRC applications to the equivalent release version. For example, Continuous Authorization and Monitoring version 19.x is certified to work with other version 19.x GRC applications.