Consensus Assessments Working Group
Introduction to the Consensus Assessments Working Group
Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. We are focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. This effort by design is integrated with and will support other projects from our research partners.
The Latest Questionnaire is Version 3.0.1
Consensus Assessments Working Group Leadership
Consensus Assessments Co-chairs
Senior Security Strategist in the Global Security Strategy and Diplomacy (GSSD) team at Microsoft
Ms. Laura Posey focuses on driving strategic change, both within Microsoft and externally, to advance cyber security and resiliency. In her role, Ms. Posey draws upon her 12+ years of experience in the technology space to address global challenges related to information assurance and security policy and standards with a special focus on the challenges of government organizations worldwide.
Ms. Posey is a strong voice representing Microsoft in the Cloud Security Alliance (CSA) on issues representing both consumers and providers of Cloud services and technology and a supporting member of SAFECODE, addressing supply chain integrity best practices. Prior to joining the GSSD team, Ms. Posey worked in engineering organizations at Microsoft, most notably on the BitLocker Drive Encryption product and on the Next Generation Secure Computing Base project (NGSCB), which also incorporated TPM technologies. Ms. Posey’s role within these organizations included interfacing with government information assurance organizations worldwide disseminating forensics and cryptography details for the products to these organizations. Ms. Posey was awarded 2 patents for her work in these technologies.
In her early days at Microsoft, Ms. Posey led program management teams at msn.com and its predecessor, sidewalk.com, drawing on her design and user experience background in building online applications for Charles Schwab and Wells Fargo Bank in San Francisco, CA. Prior to her career in technology, Ms. Posey worked for the Japanese Ministry of Education, Culture, Sports, Science and Technology (Monbusho) in Hokkaido, Japan, serving as a Ministry representative to the local Board of Education and liaison to the local mayor’s office. Her duties included English education, written and verbal translation for several local government offices, and assistance in the town’s foreign exchange programs with Australia and Canada. Ms. Posey holds a Bachelor of Arts in both Asian Studies and Communications from the University of North Carolina at Chapel Hill.
Consensus Assessments Advisors
Becky Swain is a Partner with EKKO Consulting, Founding Member of the Cloud Security Alliance (CSA) and the Security Lead for the Cloud Network of Women (CloudNOW) Special Interest Group (SIG). She has over 13 years of strategic and applied information security expertise with both a broad and deep understanding of the design and effectiveness of policies, processes, architectures, and internal controls.
Founder of Cloud Watchmen, Inc.
Prior to establishing his company, Cloud Watchmen, Inc., Mr. Cordero served as the CSO for EdFund, where his team oversaw information security for a loan portfolio of over $39B. His previous roles included Director of Security and Compliance for Charlotte Russe and global leader for Life Technologies' distributed systems program. Mr. Cordero regularly presents at leading industry and academic conferences including CSO Magazine, the High Technology Crimes Association, and UC Davis, where he has shared his dynamic and pragmatic approach to information security.
Evelyn de Souza
Senior Security Strategist at Cisco
Evelyn is responsible for championing holistic security solutions that address emerging industry trends such as cloud, data center SDN and mobile. She is a strong proponent of building automated, repeatable processes that enable organizations to sustain compliance while optimizing security posture and reducing costs. To this end, Evelyn co-chairs the Cloud Security Alliance Cloud Controls Matrix (CCM), which harmonizes regulations and industry standards to a common framework and according to cloud model to enable reduced audit complexity. Evelyn has a weekly column on WIRED Insights and frequently posts at CloudTweaks, Internet Evolution and 21st Century. Evelyn is also a regular speaker at industry conferences and can be followed on Twitter @e_desouza.
Consensus Assessments Working Group Initiatives
There are no open initiatives at this time.
Consensus Assessments Working Group Calendar
Consensus Assessments Working Group News
July 11, 2014
We are very excited to announce the soft launch of the CCM and CAIQ v.3.0.1. We invite you to download both documents during this early review period.
April 09, 2014
CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014.
March 19, 2014
Evelyn de Souza is a Data Privacy and Compliance Leader at Cisco Systems, where she focuses on developing blueprints and holistic solutions to help organizations embrace the cloud securely and ensure data privacy in an agile manner.
November 07, 2013
Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups
CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.
September 12, 2012
CSA warmly invites interested individuals to step forward to contribute to an initiative which promotes cloud security for customers and providers.
November 16, 2011
CSA today announced that Google, Verizon, Intel, McAfee, and Microsoft plan to submit reports to the CSA Security, Trust and Assurance Registry (STAR), a newly announced, free and publicly accessible registry that documents the security controls provided by various cloud computing offerings.
August 16, 2011
The Cloud Security Alliance announces two upcoming opportunities to learn more about its CSA STAR Registry. These public webcast briefings will be held August 18th and 23rd and will cover general information about the STAR Registry and the proper use of linked documents from the GRC Stack.
August 04, 2011
Media Advisory: CSA Announces STAR – CSA Security, Trust and Assurance Registry – To Help Users Assess Security of Cloud Providers
The Cloud Security Alliance (CSA) today announced the launch of a new initiative to encourage transparency of security practices within cloud providers.
November 17, 2010
The Cloud Security Alliance (CSA) today announced the availability of the CSA Governance, Risk Management and Compliance (GRC) Stack, a suite of enabling tools for GRC in the cloud, now available for free download at https://cloudsecurityalliance.org/research/projects/grc-stack/.
October 12, 2010
The Cloud Security Alliance today has announced the release of version 1.0 of the Consensus Assessments Initiative Questionnaire.
Consensus Assessments Working Group Downloads
Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”
Release Date: July 11, 2014
The questionnaire is organized using CSA's 13 governing and operating domains, divided into “control areas” within CSA’s Control Matrix structure.
Release Date: September 01, 2011