Consolidated page of all release notes for Continuous Authorization and Monitoring from Zurich to Australia.
How to use this page
To help you prepare for your upgrade, we have combined the cross-family Continuous Authorization and Monitoring release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Zurich to Australia.
Tip: If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."
Important information for upgrading Continuous Authorization and Monitoring to Australia
Before you upgrade to Australia, review these pre- and post-upgrade tasks and complete the tasks as needed.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
New features
Between your current release family and Australia, new features were introduced for Continuous Authorization and Monitoring.
| Release |
Release notes |
Zurich |
-
[Placeholder link text to key cam-workflow-configurator]
- Streamline governance, risk, and compliance processes with the CAM Workflow Configuration. This feature allows administrators to:
- Create and manage multiple workflows within a package.
- Define GRC State Models for custom workflows.
- Configure and version workflows.
- Evaluate workflow version impacts to retrieve baseline controls.
- Set up workflow-specific approval configurations.
- Perform risk assessments across CAM objects.
- Migrate the NIST RMF flow to workflow configuration for improved standardization.
- [Placeholder link text to key add-child-boundary]
- Introducing a new Child Boundaries list that enables a one-to-many boundary hierarchy, allowing you to create relationships between boundaries. This hierarchy is visualized in both the sidebar and diagram view, showing one
parent boundary with multiple child boundaries. OSCAL export and import now include the parent boundary relationship if present.
- Dynamic Boundary Filters Dynamic boundary filters
- Select the Dynamic Filter option in boundary filters to update system elements according to filter conditions. When disabled, the system elements remain unchanged. This update enhances the flexibility
of boundary filter management.
- Boundary operational status automation
- Linking boundary operational status to the package life cycle ensures seamless integration. Key changes include:
- Automatic update of boundary status to Operational when a package moves to the Monitor state.
- Transition of Boundary status to Reauthorize as the Package Authorization date approaches. This update maintains synchronization between package and boundary states, enhancing overall system coherence.
- [Placeholder link text to key export-oscal-files-from-authorization-package]
- Generating and downloading OSCAL SSP and POA&M files is supported directly from within a authorization package. The supported file types include:
- Catalog
- Overlay Catalog
- Profile
- SSP
- POA&M
- OSCAL import enhancements
- Enhancing the OSCAL import experience, the OSCAL import playbook now allows you to:
- Import individual POA&M JSON files.
- User Mapping: Automatically map users to existing ServiceNow users based on exact name matches, with the option to manually adjust mappings.
- Group Mapping: Automatically map groups to existing ServiceNow groups based on exact name matches, with the option to manually adjust mappings.
- Roles and Responsibilities: Populate relevant package fields with roles and responsibilities.
- Overlay enhancement
- Apply policies as an overlay in an authorization package to determine how the control objectives in the policy impact the baseline. This can be done in the following ways:
- Addition: Create control objectives to address specific requirements not covered in the baseline.
- Subtraction: Move existing control objectives to Not Applicable.
- Customization: Create, move existing control objectives to not applicable, or skip control objectives.
- OSCAL enhancements
- Use the OSCAL import playbook to follow a user-friendly, step-by-step approach for importing OSCAL models. Using the playbook, you can:
- Add multiple Catalog overlay files.
- Preview OSCAL data before importing them to confirm accuracy. You can preview the following:
- Authorization boundary
- Authorization package
- System elements
- Information types
- Baseline controls
- Inherited controls
- Hybrid controls
- Not applicable controls
- Policies
- Control objectives
- Control objectives requirements
- Skipped objects in the preview, such as control objectives, policies, authorization boundaries and packages can be individually overridden.
|
Australia |
- OSCAL Assessment Plan export and import
- After upgrading to version 22.0.2, Continuous Authorization and Monitoring supports import and export of OSCAL Assessment Plan (AP) files.
Import OSCAL AP files from external tools to automatically generate engagements,
control tests, test plans, user assignments, and test scope. Multiple AP files can be imported together for packages with multiple engagements. Export generates OSCAL AP files for auditors and authorizers, enabling
other systems to understand what testing is planned or was performed.
- Request control tailoring
- After upgrading to version 22.0.2, make incremental changes to control sets while preserving the state of unchanged controls without having to reset the entire package life cycle. Supported modifications include adding new
controls, marking controls as not applicable, changing control allocation (baseline to inherited or hybrid), and modifying inheritance configurations.
- Inherit from multiple providers
- After upgrading to version 22.0.2, Controls can inherit individual control requirements from multiple Common Control Providers (CCPs) across different authorization packages. Previously, inheritance was limited to a single
provider per control, which required creating multiple duplicate inherited controls when requirements came from different sources.
- Control grid view
- After upgrading to version 22.0.2, edit implementation statements and attestation respondents directly in a hierarchical data grid through the Controls tab in an authorization
package.
- Control tests grid view in Engagements
- After upgrading to version 22.0.2, toggle between traditional related list and hierarchical data grid on the Control tests tab. Changes to assessment procedure effectiveness automatically cascade to parent control test
effectiveness.
- CAM workflow configuration enhancements
- After upgrading to version 22.0.2, control button visibility, UI page access, and related list actions across different workflow steps. Previously, related list actions (such as add or remove buttons for information types or
baseline control actions) required manual scripting to support custom workflows.
The following new state model attributes have been introduced:
- Required Authorization Documents Page
- Required Overlay Page
- Required Information Type Actions
- Required Baseline Actions
- Required Overlay Actions
- Request Control Tailoring
- Generate OSCAL AP
- Generate OSCAL AR
|
Changes
Between your current release family and Australia, some changes were made to existing Continuous Authorization and Monitoring features.
| Release |
Release notes |
Zurich |
|
Australia |
No updates for this release. |
Removed
Between your current release family and Australia, some Continuous Authorization and Monitoring features or functionality were removed.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Deprecations
Between your current release family and Australia, some Continuous Authorization and Monitoring features or functionality were deprecated.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Activation information
Review information on how to activate Continuous Authorization and Monitoring.
| Release |
Release notes |
Zurich |
Install CAM by requesting it from the ServiceNow Store.
|
Australia |
Install Continuous Authorization and Monitoring by requesting it from the ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.
|
Additional requirements
If any additional requirements were introduced or changed for Continuous Authorization and Monitoring we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Browser requirements
If any specific browser requirements were introduced or changed for Continuous Authorization and Monitoring we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Accessibility information
Review details on accessibility information for Continuous Authorization and Monitoring, such as specific requirements or compliance levels.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Localization information
If there are specific localization considerations for Continuous Authorization and Monitoring we have noted them here.
| Release |
Release notes |
Zurich |
No updates for this release. |
Australia |
No updates for this release. |
Highlight information
If there are specific highlight considerations for Continuous Authorization and Monitoring we have noted them here.
| Release |
Release notes |
Zurich |
- Simplify Governance, Risk, and Compliance processes by enabling admins to create, version, and manage custom workflows, define state models, configure approvals, assess risks, and standardize with NIST RMF migration.
- The CAM workspace homepage now features card-based containers with headers, sidebars, and overviews for a more organized and modern experience.
- Authorization boundaries and package layout are now vertical. New Boundary Type and Classification records are included in OSCAL export file.
- Add a Child Boundaries to create one-to-many relationships between boundaries. You can view the parent-child boundary mapping of a authorization boundary in the
Highlighted details panel under the Boundary hierarchy section.
- Select the Dynamic Filter option to make boundary filters update system elements automatically based on conditions, enhancing filter flexibility.
- Boundary operational status now automatically syncs with the package life cycle.
- Generate and download Open Security Controls Assessment Language (OSCAL) System Security Plans (SSP) and Plan of Action and Milestones (POA&M) files directly from within a package.
- The OSCAL import playbook now supports importing single POA&M JSON files, automatically maps users and groups by exact names to ServiceNow, and populates package roles and responsibilities for a
streamlined import experience.
- CAM overlays new capability has been introduced to perform various operations like addition, subtraction, custom while applying a policy overlay to an authorization package.
- Import OSCAL models using a user-friendly playbook that guides you through preview and customization steps.
See Continuous Authorization and Monitoring for more information.
|
Australia |
- Automatically generate engagements by importing Assessment Plan (AP) files. Additionally, export engagement data in OSCAL format from the current instance.
- Make incremental changes to control sets in authorized packages without having to reset the entire package life cycle.
- Inherit individual requirements for baseline controls from multiple Common Control Providers (CCPs) across different authorization packages.
- View and edit Controls and Engagements sections in Authorization Packages in a hierarchical grid.
- Control visibility of UI elements across different workflow steps through state model attributes.
See Continuous Authorization and Monitoring for more information.
|