CybersecurityStandardFramework

CAIQ v4.1.0

Consensus Assessment Initiative Questionnaire v4.1.0

The Consensus Assessments Initiative Questionnaire (CAIQ) v4.1.0 is a comprehensive cloud security assessment questionnaire developed by the Cloud Security Alliance (CSA) and aligned with the Cloud Controls Matrix (CCM) v4.1 to help organizations evaluate the security, privacy, and compliance practices of cloud service providers. It includes 261 assessment questions mapped to 207 controls across 17 security domains, supporting detailed vendor due diligence, third-party risk management, and cloud security assessments using a standardized industry framework.

Overview

The Consensus Assessments Initiative Questionnaire (CAIQ) v4.1.0 is a comprehensive cloud security assessment questionnaire developed by the Cloud Security Alliance (CSA) to help organizations evaluate the security, privacy, and compliance capabilities of cloud service providers. Aligned with the Cloud Controls Matrix (CCM) v4.1, it provides a standardized framework for documenting and assessing the implementation of cloud security controls across a wide range of operational and technical areas.

CAIQ v4.1.0 contains 261 yes-or-no assessment questions mapped to 207 controls across 17 security domains, including governance, risk management, identity and access management, application security, data protection, infrastructure security, incident management, and compliance. The questionnaire enables cloud providers to demonstrate their security practices consistently while allowing customers to perform detailed evaluations using a recognized industry standard.

The primary purpose of CAIQ v4.1.0 is to support vendor due diligence, third-party risk management, cloud security assessments, and regulatory compliance efforts. By providing a common set of assessment criteria, it improves transparency between organizations and cloud vendors, helps identify potential security gaps, and facilitates informed decision-making when selecting, onboarding, or monitoring cloud services.

Related in Cybersecurity

CybersecurityStandard

CAIQ Lite v4.1.0 — Consensus Assessments Initiative Questionnaire Lite v4.1.0

Consensus Assessments Initiative Questionnaire (CAIQ) Lite v4.1.0 is a streamlined cloud security assessment questionnaire developed by the Cloud Security Alliance (CSA) and aligned with the Cloud Controls Matrix (CCM) v4.1 to help organizations evaluate cloud service providers using a standardized approach. It includes 138 focused questions across 17 security domains, enabling efficient vendor due diligence, third-party risk management, and security posture assessments.

Cloud Security Alliance (CSA) • v4.1.0

View details
CybersecurityFrameworkStandard

CCM v4.1 — Cloud Controls Matrix v4.1

The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.

Cloud Security Alliance (CSA) • v4.1

View details
CybersecurityStandard

SOC-CMM — SOC-CMM Assessment Tool

The SOC-CMM model is a capability maturity model that can be used to perform a self-assessment of your Security Operations Center (SOC). The model is based on review conducted on literature regarding SOC setup and existing SOC models as well as literature on specific elements within a SOC. The literature analysis was then validated by questioning several Security Operations Centers in different sectors and on different maturity levels to determine which elements were actually in place. The output from the survey, combined with the initial analysis is the basis for this self-assessment. For more information regarding the scientific background and the literature used to create the SOC-CMM self-assessment tool, please refer to the thesis document as available through: https://www.soc-cmm.com/

SOC-CMM

View details
CybersecurityRegulation

EU Digital Services Act — Regulation (EU) 2022/2065 - EU Digital Services Act

The Digital Services Act (DSA) (Regulation (EU) 2022/2065) establishes a comprehensive framework for regulating online intermediary services, platforms, and marketplaces across the European Union to create a safer and more transparent digital environment. The regulation introduces obligations for online platforms to address illegal content, improve transparency in content moderation and advertising, protect users' rights, and manage systemic risks such as disinformation and harmful content. It also imposes enhanced requirements on very large online platforms and search engines, while preserving fundamental rights, consumer protection, and innovation. Overall, the DSA aims to harmonize rules across the EU and increase accountability for digital service providers operating within the Single Market.

European Union • EU

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call