Consensus Assessments Working Group

Current Initiatives

No open initiatives at this time.

Introduction to the Consensus Assessments Working Group

Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. We are focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. This effort by design is integrated with and will support other projects from our research partners.

The Latest Questionnaire is Version 3.0.1

Download now

Want to contribute to the Consensus Assessments Working Group?

Fill out the form below to join today!


Other:

If you experience trouble using this form, please submit the information here.

Consensus Assessments Working Group News

July 11, 2014

CCM & CAIQ v3.0.1 Version Update Soft Launch

We are very excited to announce the soft launch of the CCM and CAIQ ​v.3.0.1. We invite you to download both documents during this early review period

April 09, 2014

CSA Seeks Input on Open Peer Review: CAIQ v3.0.1

CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014.

March 19, 2014

Volunteer Spotlight: Evelyn de Souza

Evelyn de Souza is a Data Privacy and Compliance Leader at Cisco Systems, where she focuses on developing blueprints and holistic solutions to help organizations embrace the cloud securely and ensure data privacy in an agile manner.

November 07, 2013

Cloud Security Alliance Annual Congress to Serve as Launchpad for New Research, Guidance Reports and Working Groups

CSA today released its planned research agenda and a preview of new working groups to be launched at the upcoming CSA Congress 2013, taking place December 4-5 in Orlando.

September 12, 2012

CSA Seeks Volunteers for Consensus Assessments Initiative Questionnaire (CAIQ) v.2

CSA warmly invites interested individuals to step forward to contribute to an initiative which promotes cloud security for customers and providers.

November 16, 2011

Major Cloud Providers to Participate In CSA STAR – CSA Security, Trust and Assurance Registry

CSA today announced that Google, Verizon, Intel, McAfee, and Microsoft plan to submit reports to the CSA Security, Trust and Assurance Registry (STAR), a newly announced, free and publicly accessible registry that documents the security controls provided by various cloud computing offerings.

August 16, 2011

Learn About the CSA STAR Registry

The Cloud Security Alliance announces two upcoming opportunities to learn more about its CSA STAR Registry. These public webcast briefings will be held August 18th and 23rd and will cover general information about the STAR Registry and the proper use of linked documents from the GRC Stack.

August 04, 2011

Media Advisory: CSA Announces STAR – CSA Security, Trust and Assurance Registry – To Help Users Assess Security of Cloud Providers

The Cloud Security Alliance (CSA) today announced the launch of a new initiative to encourage transparency of security practices within cloud providers.

November 17, 2010

Cloud Security Alliance Unveils Governance, Risk Management and Compliance (GRC) Stack

The Cloud Security Alliance (CSA) today announced the availability of the CSA Governance, Risk Management and Compliance (GRC) Stack, a suite of enabling tools for GRC in the cloud, now available for free download at https://cloudsecurityalliance.org/research/projects/grc-stack/.

October 12, 2010

Cloud Security Alliance announces availability of Consensus Assessments Initiative Questionnaire

The Cloud Security Alliance today has announced the release of version 1.0 of the Consensus Assessments Initiative Questionnaire.

Consensus Assessments Working Group Videos

No videos currently available.

Consensus Assessments Working Group Downloads

Consensus Assessments Initiative Questionnaire v3.0.1

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0″

Release Date: July 11, 2014

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Consensus Assessments Working Group Co-chairs

Laura Posey

Ms. Laura Posey is a Senior Security Strategist in the Global Security Strategy and Diplomacy (GSSD) team at Microsoft, which focuses on driving strategic change, both within Microsoft and externally, to advance cyber security and resiliency. In her role, Ms. Posey draws upon her 12+ years of experience in the technology space to address global challenges related to information assurance and security policy and standards with a special focus on the challenges of government organizations worldwide. Ms. Posey is a strong voice representing Microsoft in the Cloud Security Alliance (CSA) on issues representing both consumers and providers of Cloud services and technology and a supporting member of SAFECODE, addressing supply chain integrity best practices.

Prior to joining the GSSD team, Ms. Posey worked in engineering organizations at Microsoft, most notably on the BitLocker Drive Encryption product and on the Next Generation Secure Computing Base project (NGSCB), which also incorporated TPM technologies. Ms. Posey’s role within these organizations included interfacing with government information assurance organizations worldwide disseminating forensics and cryptography details for the products to these organizations. Ms. Posey was awarded 2 patents for her work in these technologies.

In her early days at Microsoft, Ms. Posey led program management teams at msn.com and its predecessor, sidewalk.com, drawing on her design and user experience background in building online applications for Charles Schwab and Wells Fargo Bank in San Francisco, CA.

Prior to her career in technology, Ms. Posey worked for the Japanese Ministry of Education, Culture, Sports, Science and Technology (Monbusho) in Hokkaido, Japan, serving as a Ministry representative to the local Board of Education and liaison to the local mayor’s office. Her duties included English education, written and verbal translation for several local government offices, and assistance in the town’s foreign exchange programs with Australia and Canada.

Ms. Posey holds a Bachelors of Arts in both Asian Studies and Communications from the University of North Carolina at Chapel Hill.

Consensus Assessments Working Group Advisors

Becky Swain

Becky Swain is a Partner with EKKO Consulting, Founding Member of the Cloud Security Alliance (CSA) and the Security Lead for the Cloud Network of Women (CloudNOW) Special Interest Group (SIG). She has over 13 years of strategic and applied information security expertise with both a broad and deep understanding of the design and effectiveness of policies, processes, architectures, and internal controls.

Sean Cordero

Prior to establishing his company, Cloud Watchmen, Inc., Mr. Cordero served as the CSO for EdFund, where his team oversaw information security for an over $39B loan portfolio. His previous roles included: Director of Security and Compliance for Charlotte Russe, and global leader for Life Technologies distributed systems program.

Mr. Cordero regularly presents at leading industry and academic conferences including CSO Magazine, the High Technology Crimes Association, and UC Davis, where he has shared his dynamic and pragmatic approach to information security.

Evelyn de Souza

Evelyn de Souza is a Data Privacy and Compliance Leader at Cisco Systems, where she focuses on developing blueprints and holistic solutions to help organizations embrace the cloud securely and ensure data privacy in an agile manner.