Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

What is CAIQ?
Published: 09/01/2021

CCM, STAR, CCSK, CCAK – the Cloud Security Alliance is rolling in acronyms that you might not be familiar with yet. In this post, we’re going to get you up to speed on one of our most useful tools for cloud security transparency: the CAIQ. A Questionnaire for Transparency and Assurance: CAIQ is an a...

CCM Testimonial: The Advantages and Future of the Cloud Controls Matrix
Published: 08/12/2021

The Cloud Controls Matrix (CCM) is composed of 197 control objectives that cover all key aspects of cloud technology. It can be used as a tool for the systematic assessment of cloud implementation and provides guidance on which security controls should be implemented by which actor within the clo...

The Visionary CCM/CAIQ v4 Early Adopters
Published: 08/06/2021
Author: John DiMaria

This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry. The Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing aligned to CSA best practices and is considered the de-facto standard for cloud security and priva...

How is CSA STAR Different From ISO 27001 and SOC 2?
Published: 08/02/2021

The STAR Registry lists cloud solution providers and security providers that have earned a cloud compliance certification from CSA or submitted a cloud security self-assessment questionnaire. While STAR Level 1 is a basic Yes/No or N/A question set to self-declare your compliance with the Cloud C...

CAIQ v4 Released - Changes from v3.1 to v4
Published: 06/07/2021
Author: Daniele Catteddu

This blog was updated on 8/16/21 with the news that organizations can now submit CAIQ v4 to the STAR Registry. Since the publication of CCM v4 in January 2021, CSA has initiated a process to upgrade CAIQ, the questionnaire associated with CCM. In this blog we will explain changes made to version 4...

CCM v4 FAQ - Transition Timeline
Published: 02/04/2021

This blog was updated on 10/11/21 with the latest information regarding the release timeline for CCM v4 components and transition timeline for the STAR Registry. On January 21st CSA released version 4 of the Cloud Controls Matrix (CCM). The new version ensures coverage of requirements deriving fr...

What is the Cloud Controls Matrix (CCM)?
Published: 10/16/2020

By Eleftherios Skoutaris, Program Manager for CCM Working Group at Cloud Security Alliance. What is the Cloud Controls Matrix? The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is a spreadsheet that lists 16 domains covering all key aspects of cloud tec...

Why use the CAIQ for vendor analysis vs. other questionnaires?
Published: 04/04/2020
Author: John DiMaria

Security assessments, security questionnaires, vendor assessments, RFPs are all unavoidable in today’s world of cloud computing and drain valuable resources and time when completing them. However, they’re a big part of closing new deals and maintaining or up-selling to existing accounts. If you a...

It's all about the Data! - Preventative Security
Published: 10/08/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance. I have always said I am a "data guy." Decisions made with data eliminate all bias, opinions, and ad hoc decisions that cause potential costly moves. In my most recent podcast interview with Phillip Merrick, CEO of Fugue, he di...

CAIQ V3 Updates
Published: 09/17/2019

Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. The CAIQ offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It pr...

Using The CAIQ-Lite to Assess Third Party Vendors
Published: 07/01/2019

By Dave Christiansen, Marketing Director, Whistic. The mere mention of “security questionnaires” can evoke thoughts of hundreds of questions aimed at auditing internal processes in order to mitigate third party risk. This typically means a lengthy process prime to be optimized. While we don’t disag...

CSA STAR – The Answer to Less Complexity and Higher Level of Compliance
Published: 03/28/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security Alliance. CSA STAR enables a higher level of compliance, data governance, reduced risk and more cost-effective management of your security and privacy system. We just launched a major refresh of the CSA STAR (Security, Trust and Assuranc...

Introducing CAIQ-Lite
Published: 03/01/2019

By Dave Christiansen, Marketing Director, Whistic. The Cloud Security Alliance and Whistic are pleased to release CAIQ-Lite beta, a new framework for cloud vendor assessment. CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud ...
