Industry Insights

Read the latest cloud security news, trends, and thought leadership from subject matter experts.

Industry Insights
CAIQ v4 Released - Changes from v3.1 to v4
Published: 06/07/2021
Author: Daniele Catteddu

Since the publication of CCM v4 in January 2021, CSA has initiated a process to upgrade CAIQ, the questionnaire associated with CCM. In this blog we will explain changes made to version 4 of the CAIQ, and what you can expect when using it to submit to the STAR registry. CCM V4 represents a major ...

CCM v4 FAQ - Transition Timeline
Published: 02/04/2021

This blog was updated on 5/19/21 with the latest information regarding the release timeline for CCM v4 components and transition timeline for the STAR Registry.On January 21st CSA released version 4 of the Cloud Controls Matrix (CCM). The new version ensures coverage of requirements deriving fro...

What is the Cloud Controls Matrix (CCM)?
Published: 10/16/2020

By Eleftherios Skoutaris, Program Manager for CCM Working Group at Cloud Security AllianceWhat is the Cloud Controls Matrix?The CSA Cloud Controls Matrix (CCM) is a cybersecurity control framework for cloud computing. It is a spreadsheet that lists 16 domains covering all key aspects of cloud tec...

Why use the CAIQ for vendor analysis vs. other questionnaires?
Published: 04/04/2020
Author: John DiMaria

Security assessments, security questionnaires, vendor assessments, RFPs are all unavoidable in today’s world of cloud computing and drain valuable resources and time when completing them. However, they’re a big part of closing new deals and maintaining or up-selling to existing accounts. If you a...

It's all about the Data! - Preventative Security
Published: 10/08/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceI have always said I am a "data guy." Decisions made with data eliminate all bias, opinions, and ad hoc decisions that cause potential costly moves.In my most recent podcast interview with Phillip Merrick, CEO of Fugue, he di...

CAIQ V3 Updates
Published: 09/17/2019

Cloud Security Alliance (CSA) would like to present the next version of the Consensus Assessments Initiative Questionnaire (CAIQ) v3.1.The CAIQ offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It pr...

Using The CAIQ-Lite to Assess Third Party Vendors
Published: 07/01/2019

By Dave Christiansen, Marketing Director, WhisticThe mere mention of “security questionnaires” can evoke thoughts of hundreds of questions aimed at auditing internal processes in order to mitigate third party risk. This typically means a lengthy process prime to be optimized. While we don’t disag...

CSA STAR – The Answer to Less Complexity and Higher Level of Compliance
Published: 03/28/2019

By John DiMaria, Assurance Investigatory Fellow, Cloud Security AllianceCSA STAR enables a higher level of compliance, data governance, reduced risk and more cost-effective management of your security and privacy systemWe just launched a major refresh of the CSA STAR (Security, Trust and Assuranc...

Introducing CAIQ-Lite
Published: 03/01/2019

By Dave Christiansen, Marketing Director,WhisticThe Cloud Security Alliance and Whistic are pleased to release CAIQ-Lite beta, a new framework for cloud vendor assessment.CSA and Whistic identified the need for a lighter-weight assessment questionnaire in order to accommodate the shift to cloud p...

Browse by Topic
Write for the CSA blog
Submit your blog proposal