GRC: Continuous Authorization and Monitoring vs Risk

Bhupinder Singh
Tera Contributor

‎10-25-2023 04:01 PM

Hi Folks...

 

Continuous Authorization and Monitoring application aims at NIST RMF. How does this fit into existing 1) Risk application 2) Policy and Compliance application?

 

In the past using NIST RMF accelerator, imported control objectives were tied to Entities to generate Controls, however, here the process seems different. My target is to load RMF control objectives and generate controls using existing Entity architecture and existing Risk process. Am I missing something as not able to connect the dots? Please suggest 

0 Helpfuls
  • 526 Views
1 REPLY 1

Community Alums
Not applicable

‎10-25-2023 08:36 PM

Hi @Bhupinder Singh ,

CAM is Primarily used for NIST RMF which is for Risk Management. Doesn't really require Entities at all.

As you have Authorization Boundaries , where you can use "Boundry Filters" to fetch the "System Elements" from a particular table.

CAM is not really into Policy framework or Risk Framework.

Please refer to the video : https://www.youtube.com/watch?v=98vqw85bl6I

 

10/28 Ask the Expert: Discover Continuous Authorization & Monitoring on cybersecurity risk: NIST RMF
10/28 Ask the Expert: Discover Continuous Authorization & Monitoring on cybersecurity risk: NIST RMF
youtube.com/watch?v=98vqw85bl6I
Join us to see the release of the new ServiceNow application Continuous Authorization and Monitoring (CAM) in action. CAM was designed to help organizations implement NIST RMF but can be used for so much more, such as NIST CSF, GSA and DHS frameworks for cloud providers (FedRAMP) and Trusted ...