Jan Spurlin
ServiceNow Employee
ServiceNow Employee

The ServiceNow® Continuous Authorization and Monitoring application (CAM for short) applies a standardized approach to automating NIST's Risk Management Framework (RMF).

RMF was mandated by the U.S. Federal government to provide the necessary resiliency to support the economic and national security interests of the United States. Continuous Authorization and Monitoring employs the seven steps defined by the RMF to allow you to make better-informed decisions about your security posture.

 

CAM is an accelerator that sits ON TOP of the core GRC applications. So, understanding how the core GRC applications work is the best place to start. We have a lot of training related to this - both on demand and instructor led.  Take a look at this article to get more details on what is available to understand the core GRC concepts:  https://www.servicenow.com/community/new-customers-policy-risk/grc-training-what-is-available-what-s...

 

CAM not a topic that is covered in on demand or instructor led training. However, there are several resources that will help you understand it.  Here is list of what I have found - if others have more resources - please add them!

 

Product Documentation

There is a very good section on CAM in Product Docs - here is the link to the first article: https://docs.servicenow.com/bundle/utah-governance-risk-compliance/page/product/grc-cam/concept/cam-...

There is a checklist to set up CAM. There is a description of what an authorization package is. All total there are more than 10 articles in this section.  I would probably start with these.

 

In addition to Product Docs - there are several YouTube videos on CAM.  Here is a good playlist starting point:

https://www.youtube.com/playlist?list=PLQLFpjXuhTZ6TweNRHzRBf3BgoJbPD7e3 

This playlist includes 3 "Ask the Expert" recordings, plus a few other things.

 

Hopefully, this will get you started if you need more information on CAM.

Comments
mmaitland
Tera Contributor

Are there any plans to add on demand training for the CAM module? If no, why not?

Mark Bradberry
Tera Contributor

It's not clear from the available documentation what needs to happen first in GRC core before CAM can be successfully configured and utilized in normal business operations.  Beyond the basic installation items, what preparation and configuration steps have to be done in GRC Profile, Risk/Audit/P&C, etc.?

GRCLifer
Tera Explorer

@mmaitland  - Wasn't sure if you had seen that NowLearning did add a 1 hour on demand course. This is a new course to introduce the participant to the Continuous Authorization and Monitoring accelerator, and upon completion you will earn a badge. Introduction to GRC: Continuous Authorization and Monitoring (CAM) - Now Learning

Version history
Last update:
‎03-14-2023 06:53 AM
Updated by:
Contributors