The ServiceNow® Continuous Authorization and Monitoring (CAM) application makes it easier for government agencies, contractors, and high-security organizations to follow the National Institute of Standards and Technology (NIST) risk management framework. It supports standards like the NIST Risk Management Framework (RMF) and International Organization for Standardization (ISO) 31000. CAM drives digital transformation across the entire risk management lifecycle, which results in reduced manual effort, enhanced collaboration across teams, and seamless adaptation to specific processes. The application automates numerous tasks, including authorization, boundary management, impact assessments, system categorization, control implementation, audits, plans of action, artifact management, attestations, continuous monitoring, and ongoing authorization.
- Homepage
- Overview of Boundary
- Overview of Package
- Unified tasks page
- Contextual Pane - Boundary, Package, Control & Control Objectives
- POA&M Landing page
- 360 View
- Dashboards in Platform Analytics (Integrated)
- OSCAL export & import of Catalog & SSP
- ATO Artifacts (SSP, SAR, POA&M, SAP, ATO Letter, Executive Summary)
- Reporting capabilities now supported in Word templates
New:
- Export of Open Security Controls Assessment Language (OSCAL) Catalog.
- Import of OSCAL Catalog and System Security Plan (SSP).
- New Authority to Operate (ATO) artifacts (SAP, ATO Letter, and Executive Summary) shipped with default templates.
- Reporting capabilities now supported in Word format.
- New module with properties to select the template format—HTML or Microsoft Word template.
Changed:
- OSCAL export is now supported without the Zip plugin dependency.
- OSCAL export is now performed in two steps: generate OSCAL SSP, then download OSCAL SSP.
Removed:
- The step number is removed from the stepper component of the package overview page.
Fixed:
- Minor defect fixes and security fixes.
The following Governance, Risk, and Compliance (GRC) applications must be installed and active:
- GRC: Continuous Authorization and Monitoring (com.sn_irm_cont_auth_monitor).
- GRC: Common Workspace Elements (com.sn_grc_workspace).
- ServiceNow IntegrationHub Action Step—Zip (com.glide.hub.action_step.zip) for OSCAL Export.
Permissions and roles:
- Role required to install the app: System Admin (admin)
When you upgrade this application, make sure to upgrade any other installed GRC applications to the equivalent release version. For example, Continuous Authorization and Monitoring version 19.x is certified to work with other version 19.x GRC applications.