Understanding assessment objectives in CAM
NIST SP 800-53A assessment objectives ship with the ServiceNow base system as part of the CAM application and are mapped to the NIST SP 800-53 Revision 5 control objectives.
- NIST SP 800-53 Revision 5 is Security and Privacy Controls for Information Systems and Organizations: the control catalog.
- NIST SP 800-53A Revision 5 is Assessing Security and Privacy Controls in Information Systems and Organizations: the companion guide that defines, for each control, the assessment objectives and the assessment methods (examine, interview, test) used to verify it.
Each test template that the base system imports for CAM users for control objectives sourced from NIST SP 800-53 Revision 5 carries assessment procedure templates. Following the NIST guideline, each assessment procedure template has an identifier and an assessment objective. The assessment objective determines how the control is tested.
A new CAM view for control tests, named Operational test, removes design effectiveness and evaluates operating effectiveness only.
In CAM, a control is tested at a more granular level through multiple assessment procedures. The control test measures the effectiveness of a control: its operating effectiveness and the effectiveness of its assessment procedures are evaluated, and the control effectiveness of the control test is determined from both. If the control test fails, the corresponding assessment objective has failed as well.
New control test fields, Examine, Interview, and Test (the three assessment methods defined in NIST SP 800-53A), are available during control testing. These fields are read-only on the control test record; you update their descriptions at the test template and test plan levels. A set of assessment procedures is available as a related list while control testing. Assessment procedures are defined at the objective level and can be marked as Not applicable, in addition to Effective, Ineffective, and None.