This Recommendation focuses mainly on the security requirements of software as a service (SaaS) application environments based on the SaaS application maturity level. The target audiences of this Recommendation are cloud service providers (CSPs) and cloud service partners (CSNs) such as application developers.