Question 32
UnclassifiedWhich of the following is the reason for designing the Consensus Assessments Initiative Questionnaire (CAIQ)?
Correct answer: B
Explanation
The CAIQ was designed so cloud service providers can “document their security and compliance controls” in a standardized way. It supports assessment against the Cloud Controls Matrix by letting providers describe how they meet security requirements.
Why each option is right or wrong
A. Cloud service providers need the CAIQ to improve quality of customer service.
B. Cloud service providers can document their security and compliance controls.
The CAIQ was created by the Cloud Security Alliance to support the Cloud Controls Matrix (CCM) by giving cloud service providers a standardized questionnaire to describe how their controls map to security and compliance requirements. In practice, it lets providers document their security posture and compliance controls in a consistent format that customers and assessors can review against the CCM’s control domains.
C. Cloud service providers can document roles and responsibilities for cloud security.
D. Cloud users can use CAIQ to sign statement of work (SOW) with cloud access security