Consensus Assessments Initiative Arrow to Content

Download the Consensus Assessments Initiative Questionnaire

Document Version Release Date Download
Consensus Assessments Initiative Questionnaire 1.1 09/01/2011 Download

Introduction to the Consensus Assessments Initiative

Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. We are focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. This effort by design is integrated with and will support other projects from our research partners.

October 12, 2010. The initial deliverable of this project is the Consensus Assessments Initiative Questionnaire. This questionnaire is available in spreadsheet format, and provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of "yes or no" control assertion questions which can then be tailored to suit each unique cloud customer's evidentiary requirements. This question set is meant to be a companion to the CSA Guidance and the CSA Cloud Controls Matrix, and these documents should be used together. Columns A and B within the question set are the Control Area and Control ID columns from the CSA Cloud Controls Matrix document. This question set is a simplified distillation of the issues, best practices and control specifications from our Guidance and Controls Matrix, intended to help organizations build the necessary assessment processes for engaging with cloud providers.

The Consensus Assessments Initiative is part of the CSA GRC Stack.

Consensus Assessments Initiative Leadership

Chair:
Laura Posey

Join the Consensus Assessments Initiative

Download the Consensus Assessments Initiative Questionnaire

Consensus Assessments Initiative Questionnaire v1.1

Consensus Assessments Initiative Questionnaire v1.1

Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.

Release Date: September 01, 2011

Consensus Assessments Initiative News

November 16, 2011

Major Cloud Providers to Participate In CSA STAR – CSA Security, Trust and Assurance Registry

CSA today announced that Google, Verizon, Intel, McAfee, and Microsoft plan to submit reports to the CSA Security, Trust and Assurance Registry (STAR), a newly announced, free and publicly accessible registry that documents the security controls provided by various cloud computing offerings.

August 16, 2011

Learn About the CSA STAR Registry

The Cloud Security Alliance announces two upcoming opportunities to learn more about its CSA STAR Registry. These public webcast briefings will be held August 18th and 23rd and will cover general information about the STAR Registry and the proper use of linked documents from the GRC Stack.

August 04, 2011

Media Advisory: CSA Announces STAR – CSA Security, Trust and Assurance Registry – To Help Users Assess Security of Cloud Providers

The Cloud Security Alliance (CSA) today announced the launch of a new initiative to encourage transparency of security practices within cloud providers.

November 17, 2010

Cloud Security Alliance Unveils Governance, Risk Management and Compliance (GRC) Stack

The Cloud Security Alliance (CSA) today announced the availability of the CSA Governance, Risk Management and Compliance (GRC) Stack, a suite of enabling tools for GRC in the cloud, now available for free download at https://cloudsecurityalliance.org/research/projects/grc-stack/.

October 12, 2010

Cloud Security Alliance announces availability of Consensus Assessments Initiative Questionnaire

The Cloud Security Alliance today has announced the release of version 1.0 of the Consensus Assessments Initiative Questionnaire.

Page Dividing Line