Cloud Security Alliance (CSA) would like to present the next version of the
Consensus Assessments Initiative Questionnaire (CAIQ) v3.1.
The CAIQ offers an industry-accepted way to document what security controls
exist in IaaS, PaaS, and SaaS services, providing security control
transparency. It provides a set of Yes/No questions a cloud consumer and
cloud auditor may wish to ask of a cloud provider to ascertain their
compliance to the Cloud Controls Matrix (CCM). Therefore, it helps cloud
customers to gauge the security posture of prospective cloud service
providers and determine if their cloud services are suitably secure.
CAIQ v3.1 represents a minor update to the previous CAIQ v3.0.1. In
addition to improving the clarity and accuracy, it also supports better
auditability of the CCM controls. The new updated version aims to not only
correct errors but also appropriately align and improve the semantics of
unclear questions for corresponding CCM v3.0.1 controls. In total, 49 new
questions were added, and 25 existing ones were revised.
For this new CAIQ version, CSA took into account the combined comprehensive
feedback that was collected over the years from its partners, the industry
and the CCM working group.