Continuous Authorization and Monitoring

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Continuous Authorization and Monitoring

    Continuous Authorization and Monitoring (CAM) is a ServiceNow application designed to automate the seven steps of the NIST Risk Management Framework (RMF), enabling organizations to make informed decisions about their security posture. CAM helps companies identify and mitigate risks to their infrastructure by following a standardized, government-mandated approach that is especially relevant for federal agencies.

    Show full answer Show less

    Key Features

    • RMF Automation: CAM automates the seven RMF steps, from preparation to monitoring, supporting compliance with NIST standards.
    • Step 0 - Prepare: Define authorization boundaries, control overlays, information types, and create authorization packages.
    • Step 1 - Categorize: Classify the sensitivity and criticality of information systems based on worst-case impact scenarios.
    • Step 2 - Select Controls: Approve impact levels and select baseline security controls for implementation.
    • Step 3 - Implement Controls: Apply and manage selected controls within your environment.
    • Steps 4-6 - Assess, Plan, and Manage: Assess internal and external controls, generate Plans of Action and Milestones (POA&M), and handle change requests and vulnerabilities.
    • Assessment Objectives: Includes NIST 800-53A assessment objectives mapped to revision 5 control objectives, integrated within the system.
    • CAM Workspace: A centralized interface for continuous monitoring and management of compliance with RMF security policies.
    • Reference Materials: Detailed documentation of tables, properties, forms, and roles installed with CAM for configuration and troubleshooting.

    Practical Considerations for ServiceNow Customers

    • CAM is available as a separate subscription plugin (com.snirmcontauthmonitor) and requires activation.
    • To begin using CAM, customers should download and configure the application from the ServiceNow Store, following the provided checklist.
    • ServiceNow offers resources like the Known Error Portal, Community forums, and Customer Support to assist with troubleshooting and optimizing CAM usage.
    • Customers can view all available ServiceNow applications and submit requests through the ServiceNow Store.

    Continuous Authorization and Monitoring (CAM) employs the seven steps defined by the NIST Risk Management Framework (RMF) to allow you to make better-informed decisions about your security posture.

    The video gives you an overview of the seven steps of the Risk Management Framework mandated by the US government for federal agencies that help companies to identify and eliminate risks to their infrastructure.

    Get started

    Request apps on the Store

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    The Continuous Authorization and Monitoring (com.sn_irm_cont_auth_monitor) plugin is available as a separate subscription and requires activation.

    Troubleshoot and get help