Consensus Assessments Initiative Questionnaire v3.0.1

CAIQ questionnaires can be tailored to fit an individual cloud customer's needs, and it is intended to be used with the CSA Guidance and Cloud Controls Matrix (CCM). CAIQ consists of a series of Yes/No questions that distill issues, best practices and control specifications from CSA Guidance and CCM. It is also part of the CSA Governance, Risk management and Compliance (GRC) Stack. CAIQ aims to create common industry standards to document security controls in infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a service (SaaS) operations.

The Consensus Assessments Initiative Questionnaire (CAIQ) v3.1. offers an industry-accepted way to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency. It provides a set of Yes/No questions a cloud consumer and cloud auditor may wish to ask of a cloud provider to ascertain their compliance to the Cloud Controls Matrix (CCM). Therefore, it helps cloud customers to gauge the security posture of prospective cloud service providers and determine if their cloud services are suitably secure.