This tender awards the lot “Continuous Automated Monitoring” (CAM). The service functions to be implemented are intended to give Gaia-X users transparency about the compliance of the individual services offered in the Gaia-X Federated Catalogue (the Federated Catalogue is being awarded in a separate tender). This compliance is based on certain requirements and rules that Gaia-X has imposed on its own system, i.e., requirements from the field of security, such as encryption, data privacy or interoperability.
The CAM service automatically gathers evidence that points to the fulfillment of those requirements by a certain Gaia-X service as a whole or by a concrete instantiation of a particular service by a user.
This is achieved by automatically interacting with the service-under-test using standardized protocols and interfaces to retrieve technical evidence. For example, to check whether requirements regarding transport encryption are fulfilled, the CAM service might interact with the service using the TLS protocol and gather technical evidence about the TLS version used and the cipher suites employed. This evidence is later compared with, i.e., evaluated against, a set of common best practices.
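The gather-then-evaluate flow for the transport encryption case can be sketched as follows. This is an added example, not code from the tender or from Gaia-X; the `TlsEvidence` record, the function names and the policy values (allowed versions, weak-cipher markers, forward-secrecy rule) are assumptions chosen for illustration.

```python
import socket
import ssl
from dataclasses import dataclass

@dataclass(frozen=True)
class TlsEvidence:
    target: str
    version: str  # as reported by ssl.SSLSocket.version(), e.g. "TLSv1.3"
    cipher: str   # negotiated cipher suite name (OpenSSL naming)

# Assumed policy, chosen for illustration; the tender defines no thresholds.
ALLOWED_VERSIONS = {"TLSv1.2", "TLSv1.3"}
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH")

def gather(host: str, port: int = 443, timeout: float = 5.0) -> TlsEvidence:
    """Handshake with the service-under-test and record what was negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return TlsEvidence(f"{host}:{port}", tls.version(), tls.cipher()[0])

def evaluate(ev: TlsEvidence) -> dict:
    """Compare one evidence record against the assumed policy."""
    findings = []
    if ev.version not in ALLOWED_VERSIONS:
        findings.append(f"protocol version {ev.version} is not allowed")
    # TLS 1.3 suites always use ephemeral key exchange; older ones must say so.
    if ev.version != "TLSv1.3" and not ev.cipher.startswith(("ECDHE-", "DHE-")):
        findings.append(f"cipher suite {ev.cipher} lacks forward secrecy")
    weak = [m for m in WEAK_MARKERS if m in ev.cipher.upper()]
    if weak:
        findings.append(f"cipher suite {ev.cipher} uses weak primitive(s): {weak}")
    return {"target": ev.target, "compliant": not findings, "findings": findings}

# Constructed sample evidence (hypothetical targets), so the evaluation runs offline.
SAMPLES = [
    TlsEvidence("svc-a.example:443", "TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    TlsEvidence("svc-b.example:443", "TLSv1.2", "AES128-SHA"),
    TlsEvidence("svc-c.example:443", "TLSv1", "DES-CBC3-SHA"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(evaluate(sample))
```

A failed handshake in `gather` is itself evidence worth recording: the default client context already refuses protocol versions and suites that the local OpenSSL build considers unsafe.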