I would like to recommend my client to use CAIQ or CAIQ-Lite as a questionnaire for CSPs.
My client may want to confirm whether CSPs provide SAML with major IDaaS providers. However, I could not find such a question in CAIQ V3 and V4.
In addition, they may want to confirm whether CSPs provide a function to restrict access based source IP addresses. Also I could not find such a question in CAIQ V3 and V4.
Do you find questions which include those questions I have in CAIQ V3 or V4? Should they create customized questionnaire to add such questions to CAIQ or CAIQ-Lite?
------------------------------
Masahiro Haneda CCSK
Security Consltant
NRI SecureTechnologies Ltd.
Tokyo
------------------------------