Continuous Authorization and Monitoring release notes

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Continuous Authorization and Monitoring release notes

    The ServiceNow® Continuous Authorization and Monitoring (CAM) application delivers a standardized framework to define authorization packages and navigate the seven stages of the NIST Risk Management Framework. The Australia release introduces significant enhancements to improve data interoperability, workflow flexibility, and control management within the CAM lifecycle.

    Show full answer Show less

    Key Features

    • OSCAL Data Import/Export: Supports import and export of OSCAL Assessment Plan (AP) and Assessment Results (AR) formats, enhancing data exchange and compliance reporting.
    • Attestation Workflow Flexibility: Option to skip the attestation stage for all controls in a package, enabling controls to move directly from Draft to Review to streamline the process.
    • Control Tailoring Requests: Allows incremental changes to control sets without resetting the entire package lifecycle, including adding new overlay controls or modifying existing ones.
    • Enhanced Control Inheritance: Controls can inherit requirements from multiple Common Control Providers (CCPs), eliminating the need for duplicate controls across packages.
    • Improved User Interface: Introduction of hierarchical data grids for editing implementation statements and attestations, structured vertical layouts for package forms, and toggle views for control tests.
    • Workflow Configuration Enhancements: Improved control button visibility and related list actions across workflow steps without manual scripting; new state model attributes to manage authorization document requirements and control actions.
    • Properties Page Updates: Customizable homepage title and configuration for "Days Before Next Authorization" to better tailor the workspace experience.

    Activation and Availability

    Continuous Authorization and Monitoring is available through the ServiceNow Store. Customers can request installation via the store to access the latest version and features described in these release notes.

    The ServiceNow® Continuous Authorization and Monitoring application provides a standardized approach to defining an authorization package and walking through the seven stages of the NIST Risk Management Framework. Continuous Authorization and Monitoring was enhanced and updated in the Australia release.

    Continuous Authorization and Monitoring highlights for the Australia release

    • Import and export OSCAL data for Assessment Plan (AP) and Assessment Results (AR) formats.
    • Skip the attestation stage for all controls in a package and move controls directly to Monitor step.
    • Populate additional control fields when importing and exporting OSCAL data for SSP, AP, and AR formats.
    • Raise control tailoring requests to make incremental changes to control sets in authorized packages without resetting the entire package life cycle.

    See Continuous Authorization and Monitoring for more information.

    Important:
    Continuous Authorization and Monitoring is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Australia release

    Support for exporting and importing the OSCAL Assessment Results (AR) model
    After upgrading to version 22.3.3, Continuous Authorization and Monitoring supports import and export of OSCAL data for Assessment Results (AR) format.
    Skip attestations configuration for controls within a package
    After upgrading to version 22.3.3, skip the attestation stage at the package level and move controls directly from Draft to Review without going through the attestation workflow.
    Control tailoring request enhancements
    After upgrading to version 22.3.3, control tailoring requests support changes to overlay controls. Users can add new overlay controls or modify existing ones within a control tailoring request.
    OSCAL export and import enhancements

    After upgrading to version 22.0.2, OSCAL import and export support additional details for various records, including status, frequency, weighting, implementation statement, control tailoring requests, overlays, and activities.

    Support for exporting and importing the OSCAL Assessment Plan (AP) model
    After upgrading to version 22.0.2, Continuous Authorization and Monitoring supports import and export of OSCAL data for Assessment Plan (AP) format.
    Request control tailoring
    After upgrading to version 22.0.2, make incremental changes to control sets while preserving the state of unchanged controls without having to reset the entire package life cycle. Supported modifications include adding new controls, marking controls as not applicable, changing control allocation (baseline to inherited or hybrid), and modifying inheritance configurations.
    Inherit from multiple providers
    After upgrading to version 22.0.2, Controls can inherit individual control requirements from multiple Common Control Providers (CCPs) across different authorization packages. Previously, inheritance was limited to a single provider per control, which required creating multiple duplicate inherited controls when requirements came from different sources.
    Control grid view
    After upgrading to version 22.0.2, edit implementation statements and attestation respondents directly in a hierarchical data grid through the Controls tab in an authorization package.
    Control tests grid view in Engagements
    After upgrading to version 22.0.2, toggle between traditional related list and hierarchical data grid on the Control tests tab. Changes to assessment procedure effectiveness automatically cascade to parent control test effectiveness.

    Package detail forms now use a structured vertical layout instead of the previous horizontal tab arrangement.

    CAM workflow configuration enhancements
    After upgrading to version 22.0.2, control button visibility, UI page access, and related list actions across different workflow steps. Previously, related list actions (such as add or remove buttons for information types or baseline control actions) required manual scripting to support custom workflows.
    The following new state model attributes have been introduced:
    • Required Authorization Documents Page
    • Required Overlay Page
    • Required Information Type Actions
    • Required Baseline Actions
    • Required Overlay Actions
    • Request Control Tailoring
    • Generate OSCAL AP
    • Generate OSCAL AR

    UI changes

    Properties page enhancements
    The Properties page includes new configuration options:
    • Homepage Title enables you to customize the workspace homepage name.
    • The Days Before Next Authorization property is now available on the UI page.

    Activation information

    Install Continuous Authorization and Monitoring by requesting it from the ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.