Download Publication

Consensus Assessment Initiative Questionnaire (CAIQ) v3.1
Consensus Assessment Initiative Questionnaire (CAIQ) v3.1

Consensus Assessment Initiative Questionnaire (CAIQ) v3.1

Release Date: 04/01/2020

The Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM).   

Therefore, it helps cloud customers to gauge the security posture of prospective cloud service providers and determine if their cloud services are suitably secure. CAIQ v3.1 represents a minor update to the previous CAIQ v3.0.1. In addition to improving the clarity and accuracy, it also supports better auditability of the CCM controls. The new updated version aims to not only correct errors but also appropriately align and improve the semantics of unclear questions for corresponding CCM v3.0.1 controls. In total, 49 new questions were added, and 25 existing ones were revised.   

The CAIQ and CCM are the documents used by CSPs to submit to the CSA STAR Registry.

CAIQ Lite | Cloud Controls Matrix | Related Certificates & Training | STAR Program

NOTE:  This version of the CAIQ released on the first of April includes the mappings with other standards.

Help CSA better understand how we can support the cloud community. Answer a couple of questions to download this resource.

In my current job I work in:

CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.

By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).

You’ve made safer cloud computing possible.