Glossary - AWS Artifact

Glossary

| Term | Definition |
|------|------------|
| DDQ | Due Diligence Questionnaire – a structured set of questions used in vendor assessments and security reviews to evaluate an organization's security and compliance posture. |
| CAIQ | Consensus Assessments Initiative Questionnaire – a standardized due diligence questionnaire published by the Cloud Security Alliance (CSA). |
| SIG | Standardized Information Gathering questionnaire – a widely used due diligence questionnaire format for assessing third-party vendors. |
| SOC | System and Organization Controls – a set of audit report types (SOC 1, SOC 2, SOC 3) that evaluate service organizations' controls. |
| ISO | International Organization for Standardization – a globally recognized body that publishes standards, including ISO 27001 for information security management. |
| Citation | A reference to a specific statement in a verified AWS compliance document that supports an AI-generated response, allowing independent verification. |
| IAM | AWS Identity and Access Management – the service used to manage permissions and access to AWS resources, including AWS Artifact features. |
| Compliance inquiry | A record in Assurance Assistant that contains a submitted question or questionnaire and the AI-generated responses. |