Cloud services have gained tremendous attentionas a utility paradigm and have been deployed extensively across awide range of fields. However, Cloud security is not catching upto the fast adoption of its services and remains one of the biggestchallenges for Cloud Service Providers (CSPs) and Cloud ServiceConsumers (CSCs) from the industry, government, andacademia. These institutions are increasingly faced with threatssuch as DoS/DDoS attacks, ransomware attacks, and databreaches that are affecting the confidentiality, integrity, andavailability of the cloud system resources. In the current cloudsystems, security requires manual translation of securityrequirements into controls. Such an approach can be for themost part labor intensive, tedious, and error-prone leading toinevitable misconfigurations rendering the system-At-handvulnerable to misuse, either malicious or unintentional.Therefore, it is of utmost importance to automate theconfiguration of the cloud systems per the client's securityrequirements steering clear from the caveats of the manualapproach. Furthermore, cloud systems need to be continuouslymonitored for any misconfigurations. This paper presents amethodology allowing for cloud security automation anddemonstrates how a cloud environment can be automaticallyconfigured to implement a set of NIST SP 800-53 securitycontrols. In addition, this paper shows how the implementationof these controls in the cloud systems can be continuouslymonitored and validated.