The ServiceNow® Continuous Authorization and Monitoring (CAM) application helps government agencies, contractors, and high-security organizations follow the National Institute of Standards and Technology (NIST) risk management framework more easily. It supports standards like the NIST Risk Management Framework (RMF) and International Organization for Standardization (ISO) 31000. CAM drives digital transformation across the entire risk management lifecycle. This results in reduced manual effort, improved collaboration across teams, and seamless adaptation to specific processes. The application automates numerous tasks, including authorization, boundary management, impact assessments, system categorization, control implementation, audits, plans of action, artifact management, attestations, continuous monitoring, and ongoing authorization.
- Homepage
- Overview of Boundary
- Overview of Package
- Unified Tasks page
- Contextual Pane—Boundary, Package, Control & Control Objectives.
- POA&M Landing page.
- 360 View
- Dashboards in Platform Analytics (Integrated).
- OSCAL export and import of Catalog & SSP.
- ATO Artifacts (SSP, SAR, POA&M, SAP, ATO Letter, Executive Summary).
- Reporting capabilities now supported in Word templates.
New:
- A new CAM overlays capability has been introduced to perform operations such as addition, subtraction, and custom when applying a policy overlay to an Authorization package.
- Ageing of a package across different steps can now be tracked on the CAM home page.
- An Authorization package can now be reauthorized through automated engagement creation, based on the date configured in the next authorization date field.
- The new Authorization documents tab has the reporting capabilities supported in the authorization package.
- A System properties page is now introduced in the workspace.
- The OSCAL import user experience is now enhanced with the introduction of a playbook experience.
- OSCAL import capabilities in the preview and override stage have been enhanced with operations like skip and override.
- OSCAL import and export have been enhanced with support for multiple Catalog overlay files.
Fixed:
- The Controls related list in the workspace now has a reference field.
- Attestations in the task page now have a reference field.
The following Governance, Risk, and Compliance (GRC) applications must be installed and active:
- GRC: Continuous Authorization and Monitoring (com.sn_irm_cont_auth_monitor).
- GRC: Common Workspace Elements (com.sn_grc_workspace).
- ServiceNow IntegrationHub Action Step—Zip (com.glide.hub.action_step.zip) for OSCAL Export.
Permissions and roles:
- Role required to install the app: System Admin (admin)
When you upgrade this application, make sure to upgrade any other installed GRC applications to the equivalent release version. For example, Continuous Authorization and Monitoring version 19.x is certified to work with other version 19.x GRC applications.