Monitoring and managing security from the CAM Workspace Home page

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Monitoring and managing security from the CAM Workspace Home page

    The CAM Workspace serves as a centralized hub for continuously monitoring and managing compliance of users and systems with the NIST Risk Management Framework. It helps ensure adherence to your organization's security policies and guidelines by providing a comprehensive view of authorization boundaries, security controls, and compliance status.

    Show full answer Show less

    Accessing the Home page

    To access the CAM Workspace Home page, navigate to Workspaces > CAM Workspace within your ServiceNow instance.

    Key Features

    • Authorization Boundaries: Defines the scope of systems managed by CAM. Visual charts display the total boundaries by operational status, mission-critical boundaries, and package counts by NFT (NIST Framework Task) steps.
    • Packages by Impact and Step: Provides insights into active packages categorized by impact level (low, medium, high) and their current NFT lifecycle steps such as Select, Implement, Assess, Authorize, and Monitor.
    • Aging of Packages: Tracks the duration packages spend at each NFT step, helping identify delays or regressions in authorization processing.
    • Tracking Widgets: Monitor active controls, control tests, and Plan of Action and Milestones (POA&Ms) with visual indicators of compliance, overdue items, and priority levels.
    • Tasks Section: Displays pending tasks assigned to you and your groups, with an option to view all tasks for comprehensive task management.

    Roles and Permissions

    Effective use of the CAM Workspace requires specific roles, each enabling targeted management capabilities:

    • Authorization Official: Approves and updates authorization packages.
    • CAM Admin: Performs all CAM system administration tasks.
    • Executive Reader and Reader: Provide read-only access to the CAM Workspace.
    • Information Owner: Updates information types within authorization packages.
    • Information System Security Manager and Officer: Manage and verify operational security postures.
    • Scheduler: Runs scheduled jobs for CAM.
    • Security Control Assessor: Conducts assessments of security controls.
    • System Owner and System User: Manage system acquisition, maintenance, and boundary configurations.

    Practical Benefits

    By leveraging the CAM Workspace Home page, ServiceNow customers can efficiently oversee the compliance status of their security authorization packages and controls. The visual dashboards and real-time tracking assist in proactive risk management, timely task completion, and alignment with NIST RMF requirements, thereby strengthening organizational security governance.

    The CAM Workspace is a centralized hub where you can continuously monitor and manage compliance of users and systems with the NIST Risk Management Framework to ensure adherence to your security policies and guidelines.

    Accessing the Home page

    Navigate to Workspaces > CAM Workspace.

    CAM home page displaying the overall status of the CAM objects.

    Overview section

    Authorization boundaries define the scope of a particular system that can be continuously managed and monitored using the CAM application.

    Total boundaries
    The donut chart displays the relative proportion of total boundaries present in your organization based on operational status.
    Packages by step
    The bar chart displays the count of packages in each NFT step. However, there’s only one package that is active for the selected boundary.
    Mission critical boundaries
    The bar chart displays the count of mission-critical boundaries by operational status.
    Packages by impact
    Active packages are characterized as low, medium, or high impact and in NFT states such as Select, Implement, Assess, Authorize, and Monitor.
    Aging of Packages
    Track the ageing of the package at different steps, showing you for how many days the authorization package stayed in each step. If the package moves back to a previous step, the widget will clear the number of days recorded for the subsequent steps. Only the days spent in the current step and the previous step are displayed.

    Tracking section

    Tracks the active controls, control tests, and plan of action and milestones (POA&Ms) as separate widgets to give an overall status of these CAM objects.

    Controls report
    Total count of active, compliant, non-compliant controls. The pie chart displays the status proportionally.
    Control tests report
    Total count of active and overdue control tests and count of control tests in the Open, Work in Progress, and Review statuses. For these CAM control tests, the parent is an engagement and the engagement is associated with the authorization package.
    POA&Ms report
    Counts of open and overdue POA&Ms and the stacked horizontal chart depicts their priority status. POA&Ms are issues related to an authorization package, or control, engagement, control test of the package.

    Tasks section

    Displays your and your group's pending tasks. Select View all tasks to open the Tasks landing page as described in Monitor and manage CAM tasks.

    CAM roles that are required for particular tasks are listed in CAM user roles.

    Required roles

    • Authorization Official (sn_irm_cont_auth.authorization_official), to approve and update authorization packages.
    • CAM admin (sn_irm_cont_auth.admin), to perform all system admin tasks in CAM.
    • Executive Reader (sn_irm_cont_auth.executive_read), to read CAM Workspace.
    • Information Owner (sn_irm_cont_auth.information_owner), to update information types of an authorization package.
    • Information System Security Manager (sn_irm_cont_auth.info_system_sec_manager), to conduct information system security management activities.
    • Information System Security Officer (sn_irm_cont_auth.info_system_sec_officer), to verify that the appropriate operational security posture is maintained for an information system.
    • Reader (sn_irm_cont_auth.reader), to read CAM Workspace.
    • Scheduler (sn_irm_cont_auth.scheduler), to run all scheduled jobs for the application.
    • Security Control Assessor (sn_irm_cont_auth.sec_control_assessor), to conduct a thorough assessment of the management, operational, and technical security controls of an information system.
    • System Owner (sn_irm_cont_auth.system_owner), to procure, develop, integrate, modify, operate, and maintain an information system.
    • System User (sn_irm_cont_auth.system_user), to update authorization boundaries, set boundary filter, elements, milestones, and acceptance tasks.

    Access the Home page of the CAM Workspace

    To access the Home page, navigate to All > CAM Workspace.