Monitoring and managing security from the CAM Workspace Home page

  • Release version: Zurich
  • Updated July 29, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Monitoring and managing security from the CAM Workspace Home page

    The CAM Workspace Home page serves as a centralized hub for ServiceNow customers to continuously monitor and manage user and system compliance with the NIST Risk Management Framework. It helps ensure adherence to your organization’s security policies and guidelines by providing real-time insights into authorization boundaries, security controls, and related activities.

    Show full answer Show less

    Key Features

    • Authorization Boundaries Visualization: Displays the scope and operational status of systems you manage, including total boundaries, mission-critical boundaries, and packages categorized by NIST Risk Management Framework (NFT) steps and impact levels.
    • Package Aging Tracking: Monitors how long authorization packages remain in each NFT step, helping identify bottlenecks in the authorization process.
    • Tracking Active Controls and Issues: Provides widgets displaying the overall status of active controls (compliant and non-compliant), control tests (active, overdue, and their statuses), and Plans of Action and Milestones (POA&Ms) with priority and overdue counts.
    • Task Management: Shows pending tasks assigned to you and your group, with the option to view all tasks for detailed monitoring and management.

    Access and Roles

    To access the CAM Workspace Home page, navigate within ServiceNow to All > CAM Workspace. Proper role assignment is required to perform specific tasks, including:

    • Authorization Official: Approve and update authorization packages.
    • CAM Admin: Perform system administration tasks.
    • Executive Reader: View CAM Workspace data.
    • Information Owner: Update authorization package information types.
    • Information System Security Manager and Officer: Manage and verify operational security posture.
    • Reader: Read-only access to CAM Workspace.
    • Scheduler: Run scheduled jobs.
    • Security Control Assessor: Assess security controls thoroughly.
    • System Owner and System User: Manage and update system boundaries, filters, milestones, and tasks.

    Practical Benefits

    By using the CAM Workspace Home page, ServiceNow customers can gain continuous visibility into the compliance status of their systems, efficiently manage authorization packages through their lifecycle, track control effectiveness, and prioritize remediation efforts. This centralized monitoring reduces security risks and supports compliance with organizational and regulatory requirements.

    The CAM Workspace is a centralized hub where you can continuously monitor and manage compliance of users and systems with the NIST Risk Management Framework to ensure adherence to your security policies and guidelines.

    Accessing the Home page

    Navigate to All > CAM Workspace.

    CAM home page displaying the overall status of the CAM objects.

    Overview section

    Authorization boundaries define the scope of a particular system that can be continuously managed and monitored using the CAM application.

    Total boundaries
    The donut chart displays the relative proportion of total boundaries present in your organization based on operational status.
    Packages by step
    The bar chart displays the count of packages in each NFT step. However, there’s only one package that is active for the selected boundary.
    Mission critical boundaries
    The bar chart displays the count of mission-critical boundaries by operational status.
    Packages by impact
    Active packages are characterized as low, medium, or high impact and in NFT states such as Select, Implement, Assess, Authorize, and Monitor.
    Aging of Packages
    Track the ageing of the package at different steps, showing you for how many days the authorization package stayed in each step. If the package moves back to a previous step, the widget will clear the number of days recorded for the subsequent steps. Only the days spent in the current step and the previous step are displayed.

    Tracking section

    Tracks the active controls, control tests, and plan of action and milestones (POA&Ms) as separate widgets to give an overall status of these CAM objects.

    Controls report
    Total count of active, compliant, non-compliant controls. The pie chart displays the status proportionally.
    Control tests report
    Total count of active and overdue control tests and count of control tests in the Open, Work in Progress, and Review statuses. For these CAM control tests, the parent is an engagement and the engagement is associated with the authorization package.
    POA&Ms report
    Counts of open and overdue POA&Ms and the stacked horizontal chart depicts their priority status. POA&Ms are issues related to an authorization package, or control, engagement, control test of the package.

    Tasks section

    Displays your and your group's pending tasks. Select View all tasks to open the Tasks landing page as described in Monitor and manage CAM tasks.

    CAM roles that are required for particular tasks are listed in CAM user roles.

    Required roles

    • Authorization Official (sn_irm_cont_auth.authorization_official), to approve and update authorization packages.
    • CAM admin (sn_irm_cont_auth.admin), to perform all system admin tasks in CAM.
    • Executive Reader (sn_irm_cont_auth.executive_read), to read CAM Workspace.
    • Information Owner (sn_irm_cont_auth.information_owner), to update information types of an authorization package.
    • Information System Security Manager (sn_irm_cont_auth.info_system_sec_manager), to conduct information system security management activities.
    • Information System Security Officer (sn_irm_cont_auth.info_system_sec_officer), to verify that the appropriate operational security posture is maintained for an information system.
    • Reader (sn_irm_cont_auth.reader), to read CAM Workspace.
    • Scheduler (sn_irm_cont_auth.scheduler), to run all scheduled jobs for the application.
    • Security Control Assessor (sn_irm_cont_auth.sec_control_assessor), to conduct a thorough assessment of the management, operational, and technical security controls of an information system.
    • System Owner (sn_irm_cont_auth.system_owner), to procure, develop, integrate, modify, operate, and maintain an information system.
    • System User (sn_irm_cont_auth.system_user), to update authorization boundaries, set boundary filter, elements, milestones, and acceptance tasks.

    Access the Home page of the CAM Workspace

    To access the Home page, navigate to All > CAM Workspace.