Security News > 2021 > June > Cloud Security Alliance updates its CAIQ to increase value for cloud service providers and customers
The Cloud Security Alliance released an update to its Consensus Assessment Initiative Questionnaire, a set of questions that allow cloud consumers and auditors to ascertain a cloud service provider's compliance with the Cloud Controls Matrix.
With CAIQv4, users can showcase additional accountability and transparency regarding their security and privacy practices, providing additional value for both cloud service providers and customers.
"This update addresses what is arguably one of the biggest risks in the cloud ecosystem - the lack of understanding of the shared responsibility model. The information gap between the various parties in the cloud supply chain has become the cause of easily avoidable cloud security and privacy breaches. With these additions to CAIQ, and consequently to the STAR Registry, CSA is facilitating cloud customers with their vendor and third-party management process, as well as in building a well-defined cloud security, privacy and accountability program," said Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance.
Changes in the structure of the document used for the submissions to Security, Trust, Assurance and Risk Registry Level 1.
Additional sections related to the Shared Security Responsibility Model, which lets CSPs better describe the allocation of the responsibility for the implementation of a CCMv4 control.
STAR Level 1: Security Questionnaire: Used to submit to the STAR registry and includes all the necessary features, including the SSRM..
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/B5kN4ZzzSrw/
Related news
- How AI Is Changing the Cloud Security and Risk Equation (source)
- Strategies for CISOs navigating hybrid and multi-cloud security (source)
- AWS unveils cloud security IR service for a mere $7K a month (source)
- Are Long-Lived Credentials the New Achilles’ Heel for Cloud Security? (source)
- Best CSPM Tools 2025: Top Cloud Security Solutions Compared (source)
- CrowdStrike vs Wiz: Which Offers Better Cloud Security and Value? (source)
- CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 (source)
- Enhancing visibility for better security in multi-cloud and hybrid environments (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)