Fields on the Authorization Boundary form

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Fields on the Authorization Boundary form

    The Authorization Boundary form is essential for defining the scope of a system that can be managed and monitored using the CAM application. It provides crucial fields to capture information about the boundary, including its name, operational status, and types of classifications.Key FeaturesName:A unique and descriptive identifier for the boundary.Description:A detailed explanation of the boundary.Operational Status:Options to manually set or auto-populate the status, including Under Development, Reauthorize, Operational, and Decommissioned.System Owner:Individual responsible for the system's lifecycle management.Information Owners:Individuals with authority over the system's data management.Boundary Type:Options include General Support System, Major App, Minor App, Sub System, and Closed System.Classification:Classification types include Confidential, Secret, Top Secret, Sensitive but Unclassified, and Controlled Unclassified Information (CUI).Diagrams:Option to include data flow, network, and boundary diagrams if necessary.Key OutcomesBy accurately filling out the Authorization Boundary form, ServiceNow customers can ensure their systems are properly classified and managed, facilitating compliance with security protocols and enhancing the overall governance of information systems. The operational status feature automates updates based on predefined timelines, improving efficiency in authorization processes.

    Show full answer Show less

    An authorization boundary defines the scope of a particular system that can be continuously managed and monitored using the CAM application.

    Table 1. Authorization Boundary form
    Field Description
    Name A unique and descriptive name for this boundary.
    Description A description for this boundary.
    Operational status Option to set the status of the boundary manually or auto-populate. The operational status:
    • Under development
    • Reauthorize
      The system automatically updates the operational status from Operational to Reauthorize based on:
      • When the Next Authorization Date selected in the authorization package is within the number of days given in the CAM system property.
      • sn_irm_cont_auth.days_before_boundary_reauthorizes configured in the system properties. The default value is 180 days. To update the value navigate to All > sys_properties.LIST. Enter sn_irm_cont_auth.days_before_boundary_reauthorizes in the filter search bar. Open the record and update the Value.
    • Operational

      Auto-populated when the active Authorization Packages get authorized and moves from Authorize to Monitor state.

    • Decommissioned
    Mission critical Option to set the boundary as mission-critical.
    System owner The individual responsible for procuring, developing, integrating, modifying, operating, and maintaining an information system.
    Information owners The individuals responsible for statutory, management, and operational authority.
    System users Responsible for performing the actual work on the system.
    Diagrams If needed, or if you don’t have a Configuration Management Database (CMDB), add data flow, network, and boundary diagrams.
    Boundary type Option to set the type of the boundary. The types are as follows.
    • GSS: General Support System (GSS) is a collection of connected IT resources managed together, including hardware, software, data, applications, and people.
    • Major app: An application that handles sensitive information and requires special security oversight due to the high risk if the data is lost, misused, or accessed without authorization.
    • Minor app: An application that needs security protection but has lower risk than a major application. Minor applications are typically included as part of a general support system.
    • Sub system: A major component of a larger information system that performs specific functions.
    • Closed system: A self-contained system that operates only within your organization and doesn’t connect to external systems.
    Classification Option to set the classification of the boundary. The types are as follows.
    • Confidential: Lowest level of classified information that requires protection from unauthorized disclosure.
    • Secret: Mid-level classified information that requires substantial protection and restricted access.
    • Top secret: Highest level of classified information that requires maximum protection and stringent access controls.
    • Sensitive but unclassified: Non-classified information that requires protection due to its sensitive nature such as personal, proprietary, or business-sensitive data).
    • CUI: Controlled unclassified information (CUI) requires specific safeguarding and handling per federal regulations or policies.