Embodiments of the invention provide a method and an apparatus for generating a security document for a farm in a utility computing environment. In one method embodiment, the present invention accesses a farm specification in a utility computing environment (UCE) repository. In addition, information related to each device in the farm is accessed. Information criticality types and attributes are then collected for the farm, the information criticality matrix comprising information criticality types and attributes for each the device in the farm. The information criticality types and attributes are then combined with an abstract of a security plan to provide a complete farm security document.