This deliverable includes the initial description of the mechanisms and tools that MUSA offers to define the security constraints of a multi-cloud application, in order to support a security-by-design (SbD) development process. Since the adopted SbD approach is based on Security SLAs as a means to express the security requirements of a multi-cloud application and of each of its components, the deliverable provides a discussion of the Security SLA model adopted in MUSA and illustrates the SLA Generation process, aimed at building components’ Security SLAs. In order to support this process, the document introduces an SLA Generation proof-of-concept application, which applies a risk categorization and assessment procedure to each component and uses state-of-art Security Control Frameworks for the identification of their security requirements.