
teresalaw
ServiceNow Employee

The NIST Risk Management Framework (RMF) is a highly mature set of processes that provides a “common information security framework” for the federal government and its contractors. Compliance with NIST RMF is mandatory in the US Federal government, and it is increasingly being voluntarily adopted by state, local and foreign governments, and by critical infrastructure and high-risk industries. RMF is made up of a preparation stage and 6 defined steps, with a series of tasks and potentially hundreds of controls that must be applied and continuously monitored. When scaled to a typical agency, this results in thousands of controls and tasks that must be managed across multiple departments and roles.


ServiceNow Continuous Authorization and Monitoring (CAM) lets you automate more of the overall RMF process and its associated tasks, reducing risk, cost, and the time and effort involved in authorizing a system. With CAM you can:

  • Prepare by defining authorization boundaries and their systems
  • Categorize information types and their impacts
  • Select, inherit, and tailor controls with ease
  • Automatically assign controls to the system owners or create them manually
  • Assess using built-in audit management to automatically create an audit engagement linked to your authorization package
  • Authorize the system for a fixed time period or on an ongoing basis
  • Easily monitor your authorized systems with data from the CMDB, ITSM, ITOM and Security Operations


CAM was designed to automate workflows in NIST RMF, but it can also be used with the NIST Cybersecurity Framework (CSF), Defense Federal Acquisition Regulation Supplement/NIST 800-171 (DFARS), FedRAMP, ISO 31000, and other high-maturity frameworks.

 

See the newest enhancements in action in our "What's New" demo video!

 


 

Learn more on the ServiceNow Continuous Authorization and Monitoring webpage
