Learn about the CAM benefits and workflows for users.
CAM overview
The CAM application applies a standardized approach to automating NIST's Risk Management Framework (RMF).
CAM users
CAM roles that are required for particular tasks are listed in CAM user roles.
Table 1. Roles and Responsibilities tab
| User / Role | Description |
| --- | --- |
| System owner | The individual responsible for procuring, developing, integrating, modifying, operating, and maintaining an information system. |
| Authorizing Official (AO) | The individual responsible for accepting an information system into an operational environment at a known risk level. Typically, this person is at the CISO or deputy CISO level. |
| Authorizing Official Designated Representatives (AODR) | One or more AODRs. |
| Security Control Assessors (SCA) | The individuals responsible for conducting a thorough assessment of the controls of an information system. |
| Information System Security Managers (ISSM) | The individuals responsible for conducting information system security management activities as designated by the ISSO. |
| Information System Security Officers (ISSO) | The individuals responsible for ensuring that the appropriate operational security posture is maintained for an information system. |
| Information owners | The individuals responsible for statutory, management, and operational authority. |
| System users | The users responsible for performing the actual work on the system. |
RMF workflow supported by CAM
RMF was mandated by the U.S. Federal government to provide the necessary resiliency to support the economic and national security interests of the United States. CAM employs the seven steps defined by the RMF to allow you to make better-informed decisions about your security posture.
RMF consists of the seven steps illustrated here.
Figure 1. RMF security life cycle
What to explore next
To learn more about configuring and using CAM, see: