Recommendation ITUT X.SRCaaS recommends the security requirements of communication as a service (CaaS) application environments with the identification of the risks. The Recommendation describes the scenarios and the features of CaaS, into which multicommunication capabilities are plugged. Moreover, some special /unique risks are identified, which are caused by the unique features of CaaS. The corresponding security requirements are recommended for the following aspects: Identity fraud, orchestration security, multi devices security, countering spam, privacy protection, infrastructure attack, attack from infrastructure, Intranet attack and so on. The Recommendation refers to the common security requirements of Recommendation ITUT X.1602 to avoid duplicated work. These measures in the requirements take into account the national legal and regulatory obligations in individual member states in which the platforms operate. The work applies the methodology standardized in clause 10 of Recommendation ITU-T X.1601.