Monitoring and managing security from the CAM Workspace Home page

  • Release version: Washingtondc
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Monitoring and Managing Security from the CAM Workspace Home Page

    The CAM Workspace serves as a centralized hub for organizations to continuously monitor and assess users and systems, ensuring compliance with the NIST Risk Management Framework. This ensures adherence to security policies and guidelines.

    Show full answer Show less

    Key Features

    • Authorization Boundaries: Defines the scope for ongoing management and monitoring using the CAM application.
    • Total Boundaries: A donut chart visualizes the proportion of total operational boundaries in your organization.
    • Packages by Step: A bar chart displays the count of packages in each NFT step, highlighting only the active package for the selected boundary.
    • Mission Critical Boundaries: Displays mission-critical boundaries by operational status through a bar chart.
    • Active Packages: Categorized by impact levels (low, medium, high) and NFT states (Select, Implement, Assess, Authorize, Monitor).
    • Tracking Section: Provides widgets to track active controls, control tests, and plans of action and milestones (POA&Ms).
    • Controls Report: Shows the total count of active, compliant, and non-compliant controls in a pie chart.
    • Control Tests Report: Displays counts of active and overdue control tests across various statuses.
    • POA&Ms Report: Counts open and overdue POA&Ms, with a stacked horizontal chart depicting priority status.
    • Tasks Section: Displays pending tasks for the user and their group, with the option to view all tasks.

    Required Roles

    • Authorization Official
    • CAM Admin
    • Executive Reader
    • Information Owner
    • Information System Security Manager
    • Information System Security Officer
    • Reader
    • Scheduler
    • Security Control Assessor
    • System Owner
    • System User

    Next Steps

    To access the CAM Workspace Home page, navigate to All > CAM Workspace.

    The CAM Workspace is a centralised hub to continuously assess users and systems of an organization and monitor their compliance with NIST Risk Management Framework that ensures adherence to security policies and guidelines.

    Accessing the Home page

    Navigate to All > CAM Workspace.

    CAM home page displaying the overall status of the CAM objects.

    Overview section

    Authorization boundaries define the scope of a particular system that can be continuously managed and monitored using the CAM application.

    Total boundaries
    The donut chart displays the relative proportion of total boundaries present in your organization based on operational status.
    Packages by step
    The bar chart displays the count of packages in each NFT step. However, there is only one package that is active for the selected boundary.
    Mission critical boundaries
    The bar chart displays the count of mission-critical boundaries by operational status.
    Packages by impact
    Active packages are characterized as low, medium, or high impact and in NFT states such as Select, Implement, Assess, Authorize, and Monitor.

    Tracking section

    Tracks the active controls, control tests, and plan of action and milestones (POA&Ms) as separate widgets to give an overall status of these CAM objects.

    Controls report
    Total count of active, compliant, non-compliant controls. The pie chart displays the status proportionally.
    Control tests report
    Total count of active and overdue control tests and count of control tests in the Open, Work in Progress, and Review statuses. For these CAM control tests, the parent is an engagement and the engagement is associated with the authorization package.
    POA&Ms report
    Counts of open and overdue POA&Ms and the stacked horizontal chart depicts their priority status. POA&Ms are issues related to an authorization package, or control, engagement, control test of the package.

    Tasks section

    Displays your and your group's pending tasks. Select View all tasks to open the Tasks landing page as described in Monitor and manage CAM tasks.

    Required roles

    • Authorization Official (sn_irm_cont_auth.authorization_official), to approve and update authorization packages.
    • CAM admin (sn_irm_cont_auth.admin), to perform all system admin tasks in CAM.
    • Executive Reader (sn_irm_cont_auth.executive_read), to read CAM Workspace.
    • Information Owner (sn_irm_cont_auth.information_owner), to update information types of an authorization package.
    • Information System Security Manager (sn_irm_cont_auth.info_system_sec_manager), to conduct information system security management activities.
    • Information System Security Officer (sn_irm_cont_auth.info_system_sec_officer), to ensure that the appropriate operational security posture is maintained for an information system.
    • Reader (sn_irm_cont_auth.reader), to read CAM Workspace.
    • Scheduler (sn_irm_cont_auth.scheduler), to run all scheduled jobs for the application.
    • Security Control Assessor (sn_irm_cont_auth.sec_control_assessor), to conduct a thorough assessment of the management, operational, and technical security controls of an information system.
    • System Owner (sn_irm_cont_auth.system_owner), to procure, develop, integrate, modify, operate, and maintain an information system.
    • System User (sn_irm_cont_auth.system_user), to update authorization boundaries, set boundary filter, elements, milestones, and acceptance tasks.

    Access the Home page of the CAM Workspace

    To access the Home page, navigate to All > CAM Workspace.