Continuous Authorization and Monitoring release notes

  • Release version: Australia
  • Updated March 12, 2026

    The ServiceNow® Continuous Authorization and Monitoring application provides a structured approach to defining an authorization package and walking through the seven stages of the NIST Risk Management Framework. Continuous Authorization and Monitoring was enhanced and updated in the Australia release.

    Continuous Authorization and Monitoring highlights for the Australia release

    • Import and export OSCAL data for Assessment Plan (AP) and Assessment Results (AR) formats to streamline compliance reporting.
    • Skip the attestation stage for all controls in a package and move controls directly to the Monitor step to accelerate package progression.
    • Populate additional control fields when importing and exporting OSCAL data for SSP, AP, and AR formats to capture richer compliance details.
    • Raise control tailoring requests to make incremental changes to control sets in authorized packages without resetting the entire package life cycle.

    See Continuous Authorization and Monitoring for more information.

    Important:
    Continuous Authorization and Monitoring is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Australia release

    Support for exporting and importing the OSCAL Assessment Results (AR) model
    After upgrading to version 22.3.3, Continuous Authorization and Monitoring supports import and export of OSCAL data in the Assessment Results (AR) format.
    Skip attestations configuration for controls within a package
    After upgrading to version 22.3.3, skip the attestation stage at the package level and move controls directly from Draft to Review without completing the attestation workflow.
    Control tailoring request enhancements
    After upgrading to version 22.3.3, control tailoring requests support changes to overlay controls. You can add new overlay controls or modify existing ones within a control tailoring request.
    OSCAL export and import enhancements
    After upgrading to version 22.0.2, OSCAL import and export support additional details for various records, including status, frequency, weighting, implementation statement, control tailoring requests, overlays, and activities.

    Support for exporting and importing the OSCAL Assessment Plan (AP) model
    After upgrading to version 22.0.2, Continuous Authorization and Monitoring supports import and export of OSCAL data in the Assessment Plan (AP) format.
    Request control tailoring
    After upgrading to version 22.0.2, make incremental changes to control sets while preserving the state of unchanged controls without having to reset the entire package life cycle. Supported modifications include adding new controls, marking controls as not applicable, changing control allocation (baseline to inherited or hybrid), and modifying inheritance configurations.
    Inherit from multiple providers
    After upgrading to version 22.0.2, controls can inherit individual control requirements from multiple Common Control Providers (CCPs) across different authorization packages. Previously, inheritance was limited to a single provider per control, which required creating duplicate inherited controls when requirements came from different sources.
    Control grid view
    After upgrading to version 22.0.2, edit implementation statements and attestation respondents directly in a hierarchical data grid through the Controls tab in an authorization package.
    Control tests grid view in Engagements
    After upgrading to version 22.0.2, toggle between traditional related list and hierarchical data grid on the Control tests tab. Changes to assessment procedure effectiveness automatically cascade to parent control test effectiveness.

    Package detail forms now use a structured vertical layout instead of the previous horizontal tab arrangement.

    CAM workflow configuration enhancements
    After upgrading to version 22.0.2, configure control button visibility, UI page access, and related list actions across different workflow steps. Previously, related list actions (such as add or remove buttons for information types or baseline control actions) required manual scripting to support custom workflows.
    The following new state model attributes have been introduced:
    • Required Authorization Documents Page
    • Required Overlay Page
    • Required Information Type Actions
    • Required Baseline Actions
    • Required Overlay Actions
    • Request Control Tailoring
    • Generate OSCAL AP
    • Generate OSCAL AR

    UI changes

    Properties page enhancements
    The Properties page includes new configuration options:
    • Use Homepage Title to customize the workspace homepage name.
    • The Days Before Next Authorization property is now available on the UI page.

    Activation information

    Install Continuous Authorization and Monitoring by requesting it from the ServiceNow Store. Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.