In this paper we introduced a collaboration-based security
management framework for the cloud computing model.
The framework introduces an alignment of the NISTFISMA
standard to fit with the cloud computing model. We
utilize the existing security automation efforts such as CPE,
CWE, CVE and CAPEC to facilitate the cloud services
Security Management Process (SMP). We have validated
our framework by using it to model and secure a multi tenant
SaaS application with two different tenants. The
framework can be used by cloud providers to manage their
cloud platforms security, by cloud consumers to manage
their cloud-hosted assets security, and as a security-as-aservice
tool to help cloud consumers in outsourcing their
internal SMP to the cloud platform.