Consensus Assessments Initiative

cai logo

Consensus Assessments Initiative

Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. We are focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. This effort by design is integrated with and will support other projects from our research partners.

October 12, 2010. The initial deliverable of this project is the Consensus Assessments Initiative Questionnaire. This questionnaire is available in spreadsheet format, and provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of "yes or no" control assertion questions which can then be tailored to suit each unique cloud customer's evidentiary requirements. This question set is meant to be a companion to the CSA Guidance and the CSA Cloud Controls Matrix, and these documents should be used together. Columns A and B within the question set are the Control Area and Control ID columns from the CSA Cloud Controls Matrix document. This question set is a simplified distillation of the issues, best practices and control specifications from our Guidance and Controls Matrix, intended to help organizations build the necessary assessment processes for engaging with cloud providers.

The Consensus Assessments Initiative is part of the CSA GRC Stack.

Download the Consensus Assessments Initiative Questionnaire

Document Version Release Date Download
Consensus Assessments Initiative Questionnaire 1.1 09/01/2011 Download (xlsx)
Download (xls)
Consensus Assessments Initiative Questionnaire 1.0 10/12/2010 Download (xlsx)
Download (xls)

Leaders

Earle Humphreys – ITEEx
Marlin Pohlman – EMC
Laura Posey – Microsoft
Jason Witty – Bank of America

Editors

Christofer Hoff – Cisco
Douglas Barbin – SAS 70 Solutions

Contributing Members

Matthew Becker – Bank of America
Aaron Benson – Novell
Ken Biery – Verizon Business
Niall Browne – LiveOps
Scott Deming – Bank of America
Mark Estberg – Microsoft
Kristopher Fador – Bank of America
David Gochenaur – Aon Corporation
Ron Hale – ISACA
Jesus Molina – Fujitsu
John Nootens – AMA Association
Hemma Prafullchandra – Hytrust
Gorka Sadowski – LogLogic
Richard Schimmel – Bank of America
Patrick Vowles – RSA
Kenneth Zoline – IBM

Commenting Reviewers

Philip Agcaoili – Cox Communications
Dorian Cougias – Unified Compliance
Francoise Gilbert – IT Law Group
Bob Jones – Santa Fe Group
Davi Ottenheimer – flyingpenguin
M S Prasad – NeoAccel
Raj Samani – McAfee

Consensus Assessment Initiative Working Group

The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments.
Leadership Contact: Jason Witty, Marlin Pohlman

Initiative Sponsors

None