Cloud Security Technical Reference Architecture

Version 2
Revision Date

The purpose of the Cloud Security Technical Reference Architecture (TRA) is to guide agencies in a coordinated and deliberate way as they continue to adopt cloud technology. This approach will allow the Federal Government to identify, detect, protect against, respond to, and recover from cyber incidents, while improving cybersecurity across the .gov enterprise. As outlined in Section 3(c)(ii) of Executive Order 14028, this document seeks to inform agencies of the advantages and inherent risks of adopting cloud-based services as they begin to implement zero trust architectures. The Cloud Security Technical Reference Architecture also illustrates recommended approaches to cloud migration and data protection for agency data collection and reporting.

The Cloud Security TRA was developed through a collaborative, multi-agency effort with contributions from the Cybersecurity and Infrastructure Security Agency (CISA), United States Digital Service (USDS), and the Federal Risk and Authorization Management Program (FedRAMP). The Cloud Security TRA provides agencies with guidance on the shared risk model for cloud service adoption (authored by FedRAMP), how to build a cloud environment (authored by USDS), and how to monitor such an environment through robust cloud security posture management (authored by CISA).