GRC: Continuous Authorization and Monitoring vs Risk

10-25-2023 04:01 PM
Hi Folks...
Continuous Authorization and Monitoring application aims at NIST RMF. How does this fit into the existing 1) Risk application and 2) Policy and Compliance application?
In the past, using the NIST RMF accelerator, imported control objectives were tied to Entities to generate Controls; however, here the process seems different. My target is to load RMF control objectives and generate controls using the existing Entity architecture and existing Risk process. Am I missing something, as I am not able to connect the dots? Please suggest.

10-25-2023 08:36 PM
Hi @Bhupinder Singh,
CAM is primarily used for NIST RMF, which is for Risk Management. It doesn't really require Entities at all.
As you have Authorization Boundaries, where you can use "Boundary Filters" to fetch the "System Elements" from a particular table.
CAM is not really into Policy framework or Risk Framework.
Please refer to the video: https://www.youtube.com/watch?v=98vqw85bl6I