CSA Seeks Input on Open Peer Review: CAIQ v3.0.1 Arrow to Content

CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014. Please consider participating in this peer review by leaving your comments on the CAIQ v3.0.1.

This updated version of the CAIQ realigns the questions to CCM v3.x control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0.” It also maps the CAIQ questions to the latest compliance regulations found in the CCM v3.0.1. Other considerations for peer review include evaluating question relevancy and inclusion of additional questions for the updated version of the survey.

Submitting feedback is easy!

1) Follow the link to the CSA Interact peer review site: https://interact.cloudsecurityalliance.org/index.php/caiq/v3_0_1

2) Sign up to access the document, review, and comment!*

Feedback is collected and reviewed by the CAI working group for consideration into the latest version. We look forward to receiving your comments.

ABOUT THE CSA CONSENSUS ASSESSMENT INITIATIVE QUESTIONNAIRE (CAIQ)

The Consensus Assessments Initiative Questionnaire (CAIQ) is a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of “yes or no” control assertion questions that can then be tailored to suit each unique cloud customer’s evidentiary requirements. The questions are based on the security controls found in the CSA Cloud Controls Matrix (CCM), a code of practice focused on providing industry-accepted security controls and transparency in IaaS, PaaS, and SaaS offerings. The CAIQ integrates and supports other projects from our research partners to aid in evaluating cloud services.

The questionnaire serves as a companion to the CSA Guidance and the CSA Cloud Controls Matrix (CCM). It simplifies questions about cloud security, best practices, and control specifications to help organizations build the necessary assessment processes for engaging with cloud providers. The Consensus Assessments Initiative is also part of the CSA GRC Stack. Learn more about the CAIQ.

*Note: The new or revised questions are highlighted in yellow on the CAIQ v3.0.1 peer review spreadsheet.

Additional peer review opportunities including CCM v3.0.1 can be found here: https://interact.cloudsecurityalliance.org/