Continuous Authorization and Monitoring release notes

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Continuous Authorization and Monitoring release notes

    The ServiceNow® Continuous Authorization and Monitoring (CAM) application streamlines the process of defining authorization packages and managing the seven stages of the NIST Risk Management Framework (RMF). The Yokohama release introduces significant enhancements to improve security control assessments, reporting, and model import/export capabilities using the OSCAL format.

    Show full answer Show less

    Key Features

    • OSCAL Import Landing Page: Enables import of catalog and System Security Plan (SSP) models via a dedicated landing page, with an import status tracking feature.
    • OSCAL Export Functionality: Allows export of selected control objectives and SSP models in the OSCAL format for standardized data exchange.
    • Microsoft Word Reporting: New capability to generate key ATO artifacts—Security Assessment Plan (SAP), Authorization to Operate Letter, and Executive Summary—in Microsoft Word format, ensuring consistent formatting for sharing and review.
    • Report Template Customization: The Document Designer plugin enables creation of report templates in Microsoft Word or HTML, with a new module property to select the desired template format.

    Activation and Usage

    CAM is available for installation through the ServiceNow Store. Customers need to request the application via the store to enable CAM features. The release notes and version history are accessible through the ServiceNow Store for ongoing updates and cumulative information.

    Benefits for ServiceNow Customers

    • Standardized and streamlined compliance with NIST RMF using CAM’s structured authorization package workflow.
    • Improved interoperability and automation by supporting OSCAL import and export of security models and control objectives.
    • Enhanced reporting capabilities that produce professional and consistent ATO documentation in widely used Microsoft Word format.
    • Flexible report generation through customizable templates, facilitating tailored compliance documentation.

    The ServiceNow® Continuous Authorization and Monitoring (CAM) application provides a standardized approach to defining an authorization package and walking through the seven stages of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). CAM was enhanced and updated in the Yokohama release.

    CAM highlights for the Yokohama release

    • Import catalog and System Security Plan (SSP) models with the new CAM Open Security Controls Assessment Language (OSCAL) import landing page.
    • Export and import SSP models and catalog models in the OSCAL format.
    • Export control objectives as a catalog in the OSCAL format.
    • Generate additional reports in Microsoft Word format, such as a Security Assessment Plan (SAP), Authorization to Operate (ATO) Letter, and Executive Summary.
    • Generate reports based on a Microsoft Word template.

    See Continuous Authorization and Monitoring for more information.

    Important:
    Continuous Authorization and Monitoring is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    New in the Yokohama release

    OSCAL Import landing page
    Import files for catalog and SSP models on the new OSCAL Import landing page. Once the import process is initiated, you can check the status under the Import status section.
    OSCAL Export button
    Export selected control objectives in the OSCAL format with the new OSCAL Export button while in the control objectives list view.
    ATO artifacts in Microsoft Word
    Generate ATO artifacts from an authorization package in the Microsoft Word format. In CAM Workspace, you can use the Generate SSP drop-down list in a selected authorization package to generate the following reports:
    • Security Assessment Plan (SAP)
    • Authorization to Operate (ATO) Letter
    • Executive Summary

    This enhancement verifies that all ATO artifacts are formatted consistently and can be shared and reviewed.

    Changed in this release

    Generate the OSCAL SSP model of an authorization package
    Export the SSP model of an authorization package in the OSCAL format. The exported report contains only the control objectives linked to the authorization package and their additional information, such as inherited controls and the hierarchy of the control objectives.
    Generate ATO artifacts in Microsoft Word and HTML templates
    Use the Document designer plugin (com.sn_grc_doc_design) to create report templates in Microsoft Word. A new property module has been introduced to select the template type as a Microsoft Word template in addition to an HTML template.

    Activation information

    Install CAM by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.