NIST-800-53 controls missing

George P · ‎04-26-2023

Hello, I noticed that the default CAM installation is missing several NIST 800-53 control (182 for Rev 5). Is there an update available that contains the missing controls?

I downloaded the list of NIST 800-53 Rev 5 controls (csv) and counted the records. NIST provides 1,189 controls. I checked my PDI instance and only have 1,007 controls.

George P · ‎07-28-2023

I should have come back here and provided an update.

CAM version 15.0.2 was indeed missing a current control; perhaps it was added after the fact. The solution was to upgrade to 16.0.2, which had the missing control. The remaining missing controls are retired, so ServiceNow did not include them.

View solution in original post

Community Alums · ‎04-26-2023

Hi @George P ,

That's the expected Behaviour for PDIs !!

I have 1071 total CAM controls in my PDI and it doesn't have NIST 800-53 control.

George P · ‎04-27-2023

I probably should have noted that I installed the GRC Continuous Authorization and Monitoring plug-in on my PDI. This product is advertised as coming preloaded with the NIST 800-53 controls, but not all controls were included.

Raj Raghavan · ‎07-28-2023

Hi George

Securitybricks just released a Free FedRAMP accelerator on the appstore that has NIST 800-53 Rev 5 content with authority documents and control objectives built on the CAM app. You can search for FedRAMP on appstore and let us know if we can answer any questions.

Thanks

George P · ‎07-28-2023

I should have come back here and provided an update.

CAM version 15.0.2 was indeed missing a current control; perhaps it was added after the fact. The solution was to upgrade to 16.0.2, which had the missing control. The remaining missing controls are retired, so ServiceNow did not include them.