The framework introduces an alignment of the NISTFISMA standard to with the cloud computing model. We utilize the existing security automation efforts such as CPE, CEW, CVE and CAPEC to facilitate the cloud services Security Management Process (SMP) . We have validated our framework by using it to model and secure a multitenant SaaS application with two different tenants. The framework can be used by cloud providers to manage their cloud platforms security, by cloud consumers to manage their cloud-hosted assets security, and as a security-as-a service tool to help cloud consumers in outsourcing their internal SMP to the cloud platform