Consensus Assessments Initiative
Current Initiatives and Events
CAI Public Feedback Call
Help us to continue to refine CAIQ by joining the CAI leadership in reviewing the current Questionnaire.
Download the Latest Version of CAIQ
Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance "Security Guidance for Critical Areas of Focus in Cloud Computing V3.0"
Introduction to the Consensus Assessments Initiative
Lack of security control transparency is a leading inhibitor to the adoption of cloud services. The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable cloud computing assessments. We are focused on providing industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings, providing security control transparency. This effort by design is integrated with and will support other projects from our research partners.
October 12, 2010. The initial deliverable of this project is the Consensus Assessments Initiative Questionnaire. This questionnaire is available in spreadsheet format, and provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud provider. It provides a series of "yes or no" control assertion questions which can then be tailored to suit each unique cloud customer's evidentiary requirements. This question set is meant to be a companion to the CSA Guidance and the CSA Cloud Controls Matrix, and these documents should be used together. Columns A and B within the question set are the Control Area and Control ID columns from the CSA Cloud Controls Matrix document. This question set is a simplified distillation of the issues, best practices and control specifications from our Guidance and Controls Matrix, intended to help organizations build the necessary assessment processes for engaging with cloud providers.
The Consensus Assessments Initiative is part of the CSA GRC Stack.
Download the Consensus Assessments Initiative Questionnaire Version 3.0.1
|Consensus Assessments Initiative Questionnaire||3.0.1||07/10/2014||Download|
What's New in Version v3.0.1
- Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance "Security Guidance for Critical Areas of Focus in Cloud Computing V3.0"
- Maps the CAIQ questions to the latest compliance regulations found in the CCM v3.0.1
- Rewritten controls for clarity of intent, STAR enablement, and SDO alignment
Consensus Assessments Initiative Questionnaire v3.0.1 Contributors
"We value your volunteer contributions and believe that the devotion of volunteers like you will continue to lead CSA into the future"
- J.R. Santos, CSA Global Research Director
Working Group (WG) Co-Chair(s)
- Laura Posey
CSA Global Support
- Tabitha Alterman
- Daniele Catteddu
- Frank Guanco
- JR Santos
- Evan Scoboria
- Kendall Scoboria
- John Yeoh
- Rizwan Ahmad
- David Alexander
- Karthik Amrutesh
- Sameer Anja
- Esther Ankomah
- Neil Barlow
- Michael O. Bayere
- Ken Biery Jr.
- Hugues Bourassa
- Jeffrey Carpenter
- Sean Cordero
- Gregg David
- Evelyn de Souza
- Hassan El Alloussi
- Christopher Frenz
- Shane Fuller
- David Gochenaur
- Aaron Guzman
- Kurt Hagerman
- Peter HJ van Eijk
- David Johnson
- Jeromme Lawler
- Yves Le Roux
- Mike Lo
- Loredana Mancini
- Bill Marriott
- Matt Mullins
- Shawn Oldham
- Jean Pawluk
- Angela Polania
- Damir Savanovic
- Becky Swain
- D Swaminathan
- Martin Verreault
- Aaron Weaver
- Brandon Wu
Consensus Assessments Initiative Leadership
Download the Consensus Assessments Initiative Questionnaire
Release Date: July 29, 2014
Realigns the CAIQ questions to CCM v3.0.1 control domains and the Cloud Security Alliance “Security Guidance for Critical Areas of Focus in Cloud Computing V3.0″
Release Date: July 11, 2014
Questionnaire is organized using CSA 13 governing & operating domains divided into “control areas” within CSA’s Control Matrix structure.
Release Date: September 01, 2011
Release Date: October 12, 2010
Consensus Assessments Initiative News
July 11, 2014
We are very excited to announce the soft launch of the CCM and CAIQ v.3.0.1. We invite you to download both documents during this early review period
April 09, 2014
CSA has kicked off the Consensus Assessment Initiative Questionnaire (CAIQ) v3.0.1 open peer review period, to be held now through May 8, 2014.
April 09, 2014
Cloud Security Alliance announces an open peer review period for the Cloud Controls Matrix (CCM) v3.0.1, now through May 8, 2014.
March 19, 2014
Evelyn de Souza is a Data Privacy and Compliance Leader at Cisco Systems, where she focuses on developing blueprints and holistic solutions to help organizations embrace the cloud securely and ensure data privacy in an agile manner.
September 12, 2012
CSA warmly invites interested individuals to step forward to contribute to an initiative which promotes cloud security for customers and providers.
November 16, 2011
CSA today announced that Google, Verizon, Intel, McAfee, and Microsoft plan to submit reports to the CSA Security, Trust and Assurance Registry (STAR), a newly announced, free and publicly accessible registry that documents the security controls provided by various cloud computing offerings.
August 16, 2011
The Cloud Security Alliance announces two upcoming opportunities to learn more about its CSA STAR Registry. These public webcast briefings will be held August 18th and 23rd and will cover general information about the STAR Registry and the proper use of linked documents from the GRC Stack.
August 04, 2011
Media Advisory: CSA Announces STAR – CSA Security, Trust and Assurance Registry – To Help Users Assess Security of Cloud Providers
The Cloud Security Alliance (CSA) today announced the launch of a new initiative to encourage transparency of security practices within cloud providers.
November 17, 2010
The Cloud Security Alliance (CSA) today announced the availability of the CSA Governance, Risk Management and Compliance (GRC) Stack, a suite of enabling tools for GRC in the cloud, now available for free download at https://cloudsecurityalliance.org/research/projects/grc-stack/.
October 12, 2010
The Cloud Security Alliance today has announced the release of version 1.0 of the Consensus Assessments Initiative Questionnaire.