Monitoring and managing security from the CAM Workspace Home page

  • Release version: Yokohama
  • Updated July 29, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Monitoring and managing security from the CAM Workspace Home page

    The CAM Workspace serves as a centralized hub for continuously monitoring and managing compliance of users and systems with the NIST Risk Management Framework. It helps ensure adherence to your organization's security policies and guidelines by providing real-time insights on authorization boundaries, packages, and mission-critical systems.

    Show full answer Show less

    Key Features

    • Authorization Boundaries: Define the scope of systems monitored in CAM. Visualize total boundaries by operational status using a donut chart.
    • Packages Monitoring: Track packages by NFT step, mission-critical status, and impact level (low, medium, high). Includes visualization of package aging to understand time spent in each step.
    • Tracking Controls and Issues: Monitor active controls, control tests, and plans of action and milestones (POA&Ms). Reports provide counts and statuses of compliant/non-compliant controls, control test progress, and open/overdue POA&Ms with priority visualization.
    • Tasks Management: Displays pending tasks for individual users and groups with the option to view all tasks on a landing page.
    • Role-Based Access: Specific CAM roles control access and permissions for managing authorization packages, security assessments, updating information, and running scheduled jobs. Key roles include Authorization Official, CAM Admin, Executive Reader, Information Owner, and others tailored to security management activities.

    Accessing the CAM Workspace Home page

    To access the CAM Workspace Home page, navigate through the ServiceNow interface via All > CAM Workspace. This provides a consolidated view for ongoing security compliance monitoring and management.

    Why This Matters

    Using the CAM Workspace Home page enables ServiceNow customers to maintain continuous oversight of their security posture, simplify compliance tracking, and efficiently manage security packages and related tasks. The dashboard’s visual summaries and role-based controls ensure that the right stakeholders have timely access to critical security information, supporting proactive risk management aligned with NIST standards.

    The CAM Workspace is a centralized hub where you can continuously monitor and manage compliance of users and systems with the NIST Risk Management Framework to ensure adherence to your security policies and guidelines.

    Accessing the Home page

    Navigate to All > CAM Workspace.

    CAM home page displaying the overall status of the CAM objects.

    Overview section

    Authorization boundaries define the scope of a particular system that can be continuously managed and monitored using the CAM application.

    Total boundaries
    The donut chart displays the relative proportion of total boundaries present in your organization based on operational status.
    Packages by step
    The bar chart displays the count of packages in each NFT step. However, there’s only one package that is active for the selected boundary.
    Mission critical boundaries
    The bar chart displays the count of mission-critical boundaries by operational status.
    Packages by impact
    Active packages are characterized as low, medium, or high impact and in NFT states such as Select, Implement, Assess, Authorize, and Monitor.
    Aging of Packages
    Track the ageing of the package at different steps, showing you for how many days the authorization package stayed in each step. If the package moves back to a previous step, the widget will clear the number of days recorded for the subsequent steps. Only the days spent in the current step and the previous step are displayed.

    Tracking section

    Tracks the active controls, control tests, and plan of action and milestones (POA&Ms) as separate widgets to give an overall status of these CAM objects.

    Controls report
    Total count of active, compliant, non-compliant controls. The pie chart displays the status proportionally.
    Control tests report
    Total count of active and overdue control tests and count of control tests in the Open, Work in Progress, and Review statuses. For these CAM control tests, the parent is an engagement and the engagement is associated with the authorization package.
    POA&Ms report
    Counts of open and overdue POA&Ms and the stacked horizontal chart depicts their priority status. POA&Ms are issues related to an authorization package, or control, engagement, control test of the package.

    Tasks section

    Displays your and your group's pending tasks. Select View all tasks to open the Tasks landing page as described in Monitor and manage CAM tasks.

    CAM roles that are required for particular tasks are listed in CAM user roles.

    Required roles

    • Authorization Official (sn_irm_cont_auth.authorization_official), to approve and update authorization packages.
    • CAM admin (sn_irm_cont_auth.admin), to perform all system admin tasks in CAM.
    • Executive Reader (sn_irm_cont_auth.executive_read), to read CAM Workspace.
    • Information Owner (sn_irm_cont_auth.information_owner), to update information types of an authorization package.
    • Information System Security Manager (sn_irm_cont_auth.info_system_sec_manager), to conduct information system security management activities.
    • Information System Security Officer (sn_irm_cont_auth.info_system_sec_officer), to verify that the appropriate operational security posture is maintained for an information system.
    • Reader (sn_irm_cont_auth.reader), to read CAM Workspace.
    • Scheduler (sn_irm_cont_auth.scheduler), to run all scheduled jobs for the application.
    • Security Control Assessor (sn_irm_cont_auth.sec_control_assessor), to conduct a thorough assessment of the management, operational, and technical security controls of an information system.
    • System Owner (sn_irm_cont_auth.system_owner), to procure, develop, integrate, modify, operate, and maintain an information system.
    • System User (sn_irm_cont_auth.system_user), to update authorization boundaries, set boundary filter, elements, milestones, and acceptance tasks.

    Access the Home page of the CAM Workspace

    To access the Home page, navigate to All > CAM Workspace.