CAIQ (Consensus Assessments Initiative Questionnaire)
The CAIQ (Consensus Assessments Initiative Questionnaire) is a cloud-security self-assessment from the Cloud Security Alliance (CSA), aligned to the Cloud Controls Matrix (CCM). A provider answers each control question — typically yes/no with notes — to document its security posture, and CAIQ submissions can be published in the CSA STAR registry.
Synonyms: Consensus Assessments Initiative Questionnaire, CSA CAIQ, CAIQ questionnaire
The CAIQ (Consensus Assessments Initiative Questionnaire) is a standardized questionnaire from the Cloud Security Alliance that lets a cloud provider document its security controls against the Cloud Controls Matrix (CCM). Each question maps to a specific control domain — identity, encryption, logging, supply chain, and more — and is usually answered yes/no with explanatory notes.
Because the CAIQ is control-mapped and can be published in the CSA STAR registry, it is both a customer-facing artifact and a reusable internal record. Answering it well means grounding each response in the actual control and its evidence, keeping the answers current as controls change, and reviewing sensitive responses before publication — the same discipline that keeps any security questionnaire defensible.