The Consensus Assessments Initiative Questionnaire (CAIQ) is a survey provided by the Cloud Security Alliance (CSA) for cloud consumers and auditors to assess the security capabilities of a cloud provider.
The CAIQ is a spreadsheet containing a set of questions, including a series of only yes or no control-assertion questions that can be customized to fit an individual cloud customer's needs. The CAIQ is to be used in conjunction with the CSA guidance and the CSA Cloud Controls Matrix (CCM) and is part of the CSA GRC Stack. It is designed to support organizations when interacting with cloud provider during the cloud provider assessment process by giving organizations specific questions to ask about provider operations and processes.
Cloud providers can use the CAIQ to outline their security capabilities to customers, publicly or privately, in a standardized way using the terms and descriptions considered to be a best practice by the CSA.
Completing the CIAQ usually takes a few hours and it is considered only a first-level screening process; more intensive provider review processes are advised.