Does CAM implementation need Entity Framework?

Bhupinder Singh
Tera Contributor

We already have the Risk application set up with Entity framework. Now, the ask is to add NIST RMF and, as per the documentation, CAM is the application to implement NIST RMF. However, it has Authorization boundaries instead of Entities and therefore it seems like a conflict. Eventually, we need to apply selective family controls from NIST RMF to existing Risks.

 

But I am not sure how it all fits together. Any inputs will be appreciated.

2 REPLIES

Community Alums
Not applicable

Hi @Bhupinder Singh ,

CAM is primarily used for NIST RMF, which is for Risk Management. It doesn't really require Entities at all.

As you have Authorization Boundaries, you can use "Boundary Filters" to fetch the "System Elements" from a particular table.

CAM is not really into Policy framework or Risk Framework.

Please refer to the video: https://www.youtube.com/watch?v=98vqw85bl6I

 

Join us to see the release of the new ServiceNow application Continuous Authorization and Monitoring (CAM) in action. CAM was designed to help organizations implement NIST RMF but can be used for so much more, such as NIST CSF, GSA and DHS frameworks for cloud providers (FedRAMP) and Trusted ...

Bhupinder Singh
Tera Contributor

Hi @Community Alums 

Thanks for the inputs. With NIST RMF in the picture, can Entity Framework still be used with the Risk application (utilizing RMF control objectives from CAM)? I understand CAM is now meant for RMF; however, due to other regulations we still have to use the Risk application and therefore want to avoid usage of multiple applications to manage Risks. What would be the recommended best practice?

Thanks