Consensus Assessments Working Group
Introduction to the Consensus Assessments Working Group
Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. We are focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. This effort by design is integrated with and will support other projects from our research partners.
The Latest Questionnaire is Version 3.0.1
Consensus Assessments Working Group Leadership
Consensus Assessments Co-chairs
Ms. Laura Posey focuses on driving strategic change, both within Microsoft and externally, to advance cyber security and resiliency. In her role, Ms. Posey draws upon her 12+ years of experience in the technology space to address global challenges related to information assurance and security policy and standards with a special focus on the challenges of government organizations worldwide.
Ms. Posey is a strong voice representing Microsoft in the Cloud Security Alliance (CSA) on issues representing both consumers and providers of Cloud services and technology and a supporting member of SAFECODE, addressing supply chain integrity best practices. Prior to joining the GSSD team, Ms. Posey worked in engineering organizations at Microsoft, most notably on the BitLocker Drive Encryption product and on the Next Generation Secure Computing Base project (NGSCB), which also incorporated TPM technologies. Ms. Posey’s role within these organizations included interfacing with government information assurance organizations worldwide disseminating forensics and cryptography details for the products to these organizations. Ms. Posey was awarded 2 patents for her work in these technologies.
In her early days at Microsoft, Ms. Posey led program management teams at msn.com and its predecessor, sidewalk.com, drawing on her design and user experience background in building online applications for Charles Schwab and Wells Fargo Bank in San Francisco, CA. Prior to her career in technology, Ms. Posey worked for the Japanese Ministry of Education, Culture, Sports, Science and Technology (Monbusho) in Hokkaido, Japan, serving as a Ministry representative to the local Board of Education and liaison to the local mayor’s office. Her duties included English education, written and verbal translation for several local government offices, and assistance in the town’s foreign exchange programs with Australia and Canada. Ms. Posey holds a Bachelor of Arts in both Asian Studies and Communications from the University of North Carolina at Chapel Hill.
Consensus Assessments Advisors
Founder of Cloud Watchmen, Inc.
Sean Cordero brings more than 15 years of information security and IT experience to his current role as director, information security at Optiv. Cordero provides executive-level advisement for the company’s Fortune 50 clients. Cordero’s prior leadership roles included President of Cloud Watchmen, CSO for EdFund, CSO for ECMC West, and Director of Security and Compliance for Charlotte Russe.
Cordero is a thought leader and serves as chair of the Cloud Security Alliance’s (CSA) Cloud Controls Matrix working group, where he drives the development of security standards for cloud computing. Cordero was awarded the 2013 Ron Knode Service Award by the Cloud Security Alliance for his contributions to cloud research.
Cordero is active in the conference speaking circuit, where he has presented for CSO magazine, the CSA, the High Technology Crimes Association, Secure360, the University of California, BSides, and ISACA. Cordero is CISSP, CRISC, CISM and CISA.
Evangelized use of CCM and the CSA Security, Trust and Assurance Registry (STAR) across the industry at conferences, webinars and podcasts. Co-led the development of the CCM and helped drive CCM versions 1.3, 1.4, and 3.0. Recipient of 2013 Ron Knode Award.
Evelyn de Souza
Senior Security Strategist at Cisco
Evelyn is responsible for championing holistic security solutions that address emerging industry trends such as cloud, data center SDN and mobile. She is a strong proponent of building automated, repeatable processes that enable organizations to sustain compliance while optimizing security posture and reducing costs. To this end, Evelyn co-chairs the Cloud Security Alliance Cloud Controls Matrix (CCM), which harmonizes regulations and industry standards to a common framework and according to cloud model to enable reduced audit complexity. Evelyn has a weekly column on WIRED Insights and frequently posts at CloudTweaks, Internet Evolution and 21st Century. Evelyn is also a regular speaker at industry conferences and can be followed on Twitter @e_desouza.
Consensus Assessments Working Group Initiatives
Please contact Consensus Assessments Working Group Leadership for more information.
Consensus Assessments Working Group News
July 11, 2014
We are very excited to announce the soft launch of the CCM and CAIQ v.3.0.1. We invite you to download both documents during this early review period.
April 09, 2014
CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014.
March 19, 2014
Evelyn de Souza is a Data Privacy and Compliance Leader at Cisco Systems, where she focuses on developing blueprints and holistic solutions to help organizations embrace the cloud securely and ensure data privacy in an agile manner.
November 07, 2013
Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups
CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.
September 12, 2012
CSA warmly invites interested individuals to step forward to contribute to an initiative which promotes cloud security for customers and providers.
November 16, 2011
CSA today announced that Google, Verizon, Intel, McAfee, and Microsoft plan to submit reports to the CSA Security, Trust and Assurance Registry (STAR), a newly announced, free and publicly accessible registry that documents the security controls provided by various cloud computing offerings.
August 16, 2011
The Cloud Security Alliance announces two upcoming opportunities to learn more about its CSA STAR Registry. These public webcast briefings will be held August 18th and 23rd and will cover general information about the STAR Registry and the proper use of linked documents from the GRC Stack.
August 04, 2011
Media Advisory: CSA Announces STAR – CSA Security, Trust and Assurance Registry – To Help Users Assess Security of Cloud Providers
The Cloud Security Alliance (CSA) today announced the launch of a new initiative to encourage transparency of security practices within cloud providers.
November 17, 2010
The Cloud Security Alliance (CSA) today announced the availability of the CSA Governance, Risk Management and Compliance (GRC) Stack, a suite of enabling tools for GRC in the cloud, now available for free download at https://cloudsecurityalliance.org/research/projects/grc-stack/.
October 12, 2010
The Cloud Security Alliance today has announced the release of version 1.0 of the Consensus Assessments Initiative Questionnaire.
Consensus Assessments Working Group Downloads
Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0”
Release Date: February 01, 2016
Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.
Release Date: September 01, 2011