Consensus Assessments Initiative Arrow to Content

Current Initiatives and Events

CAI Public Feedback Call

Help us to continue to refine CAIQ by joining the CAI leadership in reviewing the current Questionnaire.

Download the Latest Version of CAIQ

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance "Security Guidance for Critical Areas of Focus in Cloud Computing V3.0"

Introduction to the Consensus Assessments Initiative

Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. We are focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. This effort by design is integrated with and will support other projects from our research partners.

October 12, 2010. The initial deliverable of this project is the Consensus Assessments Initiative Questionnaire. This questionnaire is available in spreadsheet format, and provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of "yes or no" control assertion questions which can then be tailored to suit each unique cloud customer's evidentiary requirements. This question set is meant to be a companion to the CSA Guidance and the CSA Cloud Controls Matrix, and these documents should be used together. Columns A and B within the question set are the Control Area and Control ID columns from the CSA Cloud Controls Matrix document. This question set is a simplified distillation of the issues, best practices and control specifications from our Guidance and Controls Matrix, intended to help organizations build the necessary assessment processes for engaging with cloud providers.

The Consensus Assessments Initiative is part of the CSA GRC Stack.

Download the Consensus Assessments Initiative Questionnaire Version 3.0.1

Document Version Release Date Download
Consensus Assessments Initiative Questionnaire 3.0.1 07/10/2014 Download

What's New in Version v3.0.1

  • Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance "Security Guidance for Critical Areas of Focus in Cloud Computing V3.0"
  • Maps the CAIQ questions to the latest compliance regulations found in the CCM v3.0.1
  • Rewritten controls for clarity of intent, STAR enablement, and SDO alignment

Consensus Assessments Initiative Questionnaire v3.0.1 Contributors

"We value your volunteer contributions and believe that the devotion of volunteers like you will continue to lead CSA into the future"

- J.R. Santos, CSA Global Research Director

Working Group (WG) Co-Chair(s)

  • Laura Posey

CSA Global Support

  • Tabitha Alterman
  • Daniele Catteddu
  • Frank Guanco
  • JR Santos
  • Evan Scoboria
  • Kendall Scoboria
  • John Yeoh

Contributors

  • Rizwan Ahmad
  • David Alexander
  • Karthik Amrutesh
  • Sameer Anja
  • Esther Ankomah
  • Neil Barlow
  • Michael O. Bayere
  • Ken Biery Jr.
  • Hugues Bourassa
  • Jeffrey Carpenter
  • Sean Cordero
  • Gregg David
  • Evelyn de Souza
  • Hassan El Alloussi
  • Christopher Frenz
  • Shane Fuller
  • David Gochenaur
  • Aaron Guzman
  • Kurt Hagerman
  • Peter HJ van Eijk
  • David Johnson
  • Jeromme Lawler
  • Yves Le Roux
  • Mike Lo
  • Loredana Mancini
  • Bill Marriott
  • Matt Mullins
  • Shawn Oldham
  • Jean Pawluk
  • Angela Polania
  • Damir Savanovic
  • Becky Swain
  • D Swaminathan
  • Martin Verreault
  • Aaron Weaver
  • Brandon Wu

Consensus Assessments Initiative Leadership

Chair:
Laura Posey

Download the Consensus Assessments Initiative Questionnaire

Consensus Assessments Initiative Questionnaire v3.0.1

Consensus Assessments Initiative Questionnaire v3.0.1

Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0″

Release Date: July 11, 2014

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Consensus Assessments Initiative News

July 11, 2014

CCM & CAIQ v3.0.1 Version Update Soft Launch

We are very excited to announce the soft launch of the CCM and CAIQ ​v.3.0.1. We invite you to download both documents during this early review period

April 09, 2014

CSA Seeks Input on Open Peer Review: CAIQ v3.0.1

CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014.

April 09, 2014

CSA Seeks Input on Open Peer Review: CCM v3.0.1

Cloud Security Alliance announces an open peer review period for the Cloud Controls Matrix (CCM) v3.0.1, now through May 8, 2014.

March 19, 2014

Volunteer Spotlight: Evelyn de Souza

Evelyn de Souza is a Data Privacy and Compliance Leader at Cisco Systems, where she focuses on developing blueprints and holistic solutions to help organizations embrace the cloud securely and ensure data privacy in an agile manner.

September 12, 2012

CSA Seeks Volunteers for Consensus Assessments Initiative Questionnaire (CAIQ) v.2

CSA warmly invites interested individuals to step forward to contribute to an initiative which promotes cloud security for customers and providers.

November 16, 2011

Major Cloud Providers to Participate In CSA STAR – CSA Security, Trust and Assurance Registry

CSA today announced that Google, Verizon, Intel, McAfee, and Microsoft plan to submit reports to the CSA Security, Trust and Assurance Registry (STAR), a newly announced, free and publicly accessible registry that documents the security controls provided by various cloud computing offerings.

August 16, 2011

Learn About the CSA STAR Registry

The Cloud Security Alliance announces two upcoming opportunities to learn more about its CSA STAR Registry. These public webcast briefings will be held August 18th and 23rd and will cover general information about the STAR Registry and the proper use of linked documents from the GRC Stack.

August 04, 2011

Media Advisory: CSA Announces STAR – CSA Security, Trust and Assurance Registry – To Help Users Assess Security of Cloud Providers

The Cloud Security Alliance (CSA) today announced the launch of a new initiative to encourage transparency of security practices within cloud providers.

November 17, 2010

Cloud Security Alliance Unveils Governance, Risk Management and Compliance (GRC) Stack

The Cloud Security Alliance (CSA) today announced the availability of the CSA Governance, Risk Management and Compliance (GRC) Stack, a suite of enabling tools for GRC in the cloud, now available for free download at https://cloudsecurityalliance.org/research/projects/grc-stack/.

October 12, 2010

Cloud Security Alliance announces availability of Consensus Assessments Initiative Questionnaire

The Cloud Security Alliance today has announced the release of version 1.0 of the Consensus Assessments Initiative Questionnaire.