CAIQ (Cloud Security Alliance — Consensus Assessments Initiative Questionnaire)¶
Statement¶
ClaimGuard maintains a CAIQ v4 self-assessment for prospective customers and security reviewers who run vendor-due-diligence on cloud providers. The full questionnaire is available on NDA request; this page summarises the structure and points to the public answers already published throughout the trust portal.
Implementation¶
The CSA CAIQ is the standard cloud-vendor questionnaire — 261 yes/no/partial questions across 17 control domains (audit assurance, business continuity, data security, identity & access management, etc.). Most enterprise security teams ask for a filled CAIQ as their first request.
For each domain, our public answer either:
- Points directly at the relevant trust-portal page (most Implementation cells), or
- Is summarised here when no single page covers the question.
The full filled CAIQ — including answers to questions whose implementation details are NDA-protected — is available on request.
How to request¶
Email security@dtectvision.ai with subject "CAIQ request" and your company's NDA template (or ask for ours). Three business days for the filled CAIQ, plus the NDA turnaround on your side. See Contact.
Public answers published in this portal¶
| CAIQ domain | Where we already cover it |
|---|---|
| Application & Interface Security | SAST, SCA, Secure SDLC, Authentication, Authorization |
| Audit Assurance & Compliance | SOC 2, ISO 27001, Audit logging (cloud), Application audit logging |
| Business Continuity & Operational Resilience | Business continuity, Backups, Incident response |
| Change Control & Configuration Management | Change management, Hardening |
| Data Security & Information Lifecycle | Encryption at rest, Encryption in transit, Data retention, Data classification, Data residency |
| Identity & Access Management | Identity provider, MFA, Privileged access, Access management, Session management |
| Infrastructure & Virtualization Security | Cloud provider, Network architecture, Network security, Secrets management |
| Threat & Vulnerability Management | Snyk remediation summary, Dependency management, Vulnerability disclosure |
Status¶
partial — the per-domain coverage is published; the question-by-question filled CAIQ is on NDA-request only. Tracked to flip to implemented once the v4 questionnaire is fully filled and the NDA-share workflow is documented.