0
22.0.1
Australia, Zurich Patch 7, Zurich Patch 4, Zurich, Yokohama Patch 12, Yokohama Patch 9, Yokohama Patch 6, Yokohama Patch 2, Yokohama, Xanadu Patch 9, Xanadu Patch 4, Xanadu
Standalone Application
The ServiceNow® Continuous Authorization and Monitoring (CAM) application helps government agencies, contractors, and high-security organizations manage compliance with the National Institute of Standards and Technology (NIST) Risk Management Framework. It supports standards such as the NIST Risk Management Framework (RMF) and International Organization for Standardization (ISO) 31000. CAM enables digital transformation across the entire risk management lifecycle, which results in reduced manual effort, improved collaboration across teams, and seamless adaptation to specific processes. The application automates numerous tasks, including authorization boundary management, impact assessments, system categorization, control implementation, audits, Plans of Action & Milestones (POA&Ms), artifact management, attestations, continuous monitoring, and ongoing authorization.
Intuitive persona-based workspaces help you efficiently manage your RMF program. Each workspace is tailored to specific roles, such as Authorization Official, Security Control Assessor, System Owner, System User, Information Owner, Information System Security Officer, Information System Security Manager, and CAM Admin.
- Homepage
- Overview of Boundary
- Overview of Package
- Unified Tasks page
- Contextual Pane—Boundary, Package, Control & Control Objectives.
- POA&M landing page.
- 360-degree View
- Dashboards in Platform Analytics (Integrated).
- OSCAL export and import of Catalog & SSP.
- ATO Artifacts (SSP, SAR, POA&M, SAP, ATO Letter, Executive Summary).
- Support for Reporting capabilities in Word templates.
New:
- Grid views for assessment procedures and control requirements
- Control and Control Test related lists display in grid views with hierarchical visualization of requirements and test steps.
- Import and export of Assessment Plan (AP) in OSCAL format.
- Export of Assessment Results (AR) in OSCAL format.
- Baseline updates (such as adding controls, marking controls as Not Applicable, reclassifying controls, and modifying configurations) can now be performed after the Select step in the RMF process without reverting existing controls to Draft.
- Ability to inherit controls from multiple Common Control Providers (CCPs) across different authorization packages.
Fixed:
- Fixed security-related bugs.
- Resolved issues with OSCAL import functionality.
The following Governance, Risk, and Compliance (GRC) applications must be installed and active:
- GRC: Continuous Authorization and Monitoring (com.sn_irm_cont_auth_monitor).
- GRC: Common Workspace Elements (com.sn_grc_workspace).
- ServiceNow IntegrationHub Action Step—Zip (com.glide.hub.action_step.zip) for OSCAL Export.
Permissions and roles:
- Role required to install the app: System Administrator (admin)
When you upgrade this application, make sure to upgrade any other installed GRC applications to the equivalent release version. For example, Continuous Authorization and Monitoring version 21.x is certified to work with other GRC applications at 21.x version.