Overview
The Consensus Assessments Initiative Questionnaire (CAIQ) v4.1.0 is a comprehensive cloud security assessment questionnaire developed by the Cloud Security Alliance (CSA) to help organizations evaluate the security, privacy, and compliance capabilities of cloud service providers. Aligned with the Cloud Controls Matrix (CCM) v4.1, it provides a standardized framework for documenting and assessing the implementation of cloud security controls across a wide range of operational and technical areas.
CAIQ v4.1.0 contains 261 yes-or-no assessment questions mapped to 207 controls across 17 security domains, including governance, risk management, identity and access management, application security, data protection, infrastructure security, incident management, and compliance. The questionnaire enables cloud providers to demonstrate their security practices consistently while allowing customers to perform detailed evaluations using a recognized industry standard.
The primary purpose of CAIQ v4.1.0 is to support vendor due diligence, third-party risk management, cloud security assessments, and regulatory compliance efforts. By providing a common set of assessment criteria, it improves transparency between organizations and cloud vendors, helps identify potential security gaps, and facilitates informed decision-making when selecting, onboarding, or monitoring cloud services.