alt Hacker NewsPlease don't do any extra engineering for your wiki project simply because it appears on the Cloud Security Alliance CAIQ worksheet. These worksheets are built by committees where every member has a bunch of idiosyncratic controls and objectives that they slip into the document.
Sometimes good change comes from compliance. More than once I’ve seen major product resource shift to address major cybersecurity gaps, in response to a compliance led audit.
Compliance is not security, but engineers, especially solo ones tend to have their blinkers on when they’re trying to build something to first work.