Cloud 101CircleEventsBlog
Take the Understanding Data Risk Survey to help shape the future of data security!

Download Publication

Consensus Assessment Initiative Questionnaire (CAIQ) v3.1 [No Longer Accepted]
Consensus Assessment Initiative Questionnaire (CAIQ) v3.1 [No Longer Accepted]

Consensus Assessment Initiative Questionnaire (CAIQ) v3.1 [No Longer Accepted]

Release Date: 04/01/2020

Working Group: Consensus Assessments

This version of the CAIQ is no longer accepted to the STAR Registry.  Please download the new version of CAIQ Version 4, which has been combined with the Cloud Controls Matrix. 



The Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM).  Therefore, it helps cloud customers to gauge the security posture of prospective cloud service providers and determine if their cloud services are suitably secure.

The CAIQ and CCM are used by CSPs to submit to the CSA STAR Registry. You can learn about the transition timeline for v3.1 to v4, and how that will affect submission to the STAR Registry in this blog


Download this Resource

Bookmark
Share
Related resources
NIST CSF v2 Cloud Community Profile - Based on CCM v4
NIST CSF v2 Cloud Community Profile - Based on ...
Informative Reference Details for the Mapping of CCM v4 to NIST CSF v2
Informative Reference Details for the Mapping o...
CCM v4.0 Implementation Guidelines
CCM v4.0 Implementation Guidelines
ChatGPT and GDPR: Navigating Regulatory Challenges
ChatGPT and GDPR: Navigating Regulatory Challenges
Published: 11/04/2024
Empowering Snowflake Users Securely
Empowering Snowflake Users Securely
Published: 11/01/2024
The EU Cloud Code of Conduct: Apply GDPR Compliance Regulations to the Cloud
The EU Cloud Code of Conduct: Apply GDPR Compliance Regulations to ...
Published: 10/31/2024
How to Get your Cyber Essentials Certification: A Process Guide
How to Get your Cyber Essentials Certification: A Process Guide
Published: 10/31/2024

Acknowledgements

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional at EVC

Michael Roza

Risk, Audit, Control and Compliance Professional at EVC

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Victor Chin Headshot Missing
Victor Chin

Victor Chin

Jon-Michael Brook
Jon-Michael Brook

Jon-Michael Brook

Jon-Michael C. Brook is a certified, 25-year practitioner of cybersecurity, cloud, and privacy. He is the principal contributor to certification sites for privacy and cloud security, and has published books on privacy. Jon-Michael received numerous awards and recognition during his time with Raytheon, Northrop Grumman, Symantec, and Starbucks. He holds patents and trade secrets in intrusion detection, GUI design, and semantic data redaction...

Read more

Daniele Catteddu
Daniele Catteddu
Chief Technology Officer, CSA

Daniele Catteddu

Chief Technology Officer, CSA

Daniele Catteddu is an information security and risk management practitioner, technologies expert and privacy evangelist with over 15 of experience. He worked in several senior roles both in the private and public sector. He is member of various national and international security expert groups and committees on cyber-security and privacy, keynote speaker at several conferences and author of numerous studies and papers on risk management, ...

Read more

Shawn Harris
Shawn Harris
Director of Information Security

Shawn Harris

Director of Information Security

With more than 25 years of information security experience, Shawn Harris is currently the Director of Information Security at Starbucks Coffee Company. His background includes engineering, architecture, and executive responsibilities. Shawn is currently co-chair of the CSA Cloud Controls Matrix working group, where he led efforts to develop the Cloud Control Matrix 4.0. Additionally, he has served on CSA’s Consensus Assessments ...

Read more

Alain Pannetrat
Alain Pannetrat
Senior Researcher, STAR Product Manager, CSA

Alain Pannetrat

Senior Researcher, STAR Product Manager, CSA

Angela Dogan
Angela Dogan
Director, Vendor Risk Management and Compliance Services, Lynx Technology Partners

Angela Dogan

Director, Vendor Risk Management and Compliance Services, Lynx Technology Partners

Angela Dogan is the Director, Vendor Risk Management and Compliance Services for Lynx Technology Partners. Previously, she served as Senior Project Manager for the Santa Fe Group and Vendor Auditor for Resurgent Capital Services.

With 15 years in the financial services industry, she is well-versed in standardized control frameworks such as those created by the Shared Assessments Program and Cloud Security Alliance, where she is a memb...

Read more

Harry Lu
Harry Lu
Manager, PwC Cybersecurity

Harry Lu

Manager, PwC Cybersecurity

Harry Lu brings perspectives of Cloud Security from the professional services industry. He is currently an Associate Director with Protiviti’s Cloud Security team. Harry’s background includes security strategy planning, security operations development and security executive consulting roles. He has also had years of hands-on experience implementing cloud security technologies across SaaS, IaaS and hybrid cloud environments. From his experie...

Read more

Kevin Bugin Headshot Missing
Kevin Bugin

Kevin Bugin

Andrew Williams
Andrew Williams
Director of Program Development, Coalfire

Andrew Williams

Director of Program Development, Coalfire

Andrew Williams is the Director of Program Development at Coalfire. In this role, he is responsible for working closely with Coalfire customers, industry bodies and regulatory authorities, and internal stakeholders to ensure Coalfire’s services, delivery, and talent are aligned to the needs of the future compliance and security landscape.

Andrew previously worked as practice director for Coalfire’s cloud assessment and risk advisory...

Read more

Kevin Pike Headshot Missing
Kevin Pike

Kevin Pike

Dinesh Udaiwal Headshot Missing
Dinesh Udaiwal

Dinesh Udaiwal

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training