Cloud Security Technical Reference Architecture (TRA)

Version 2
Publish Date

The purpose of the Cloud Security Technical Reference Architecture (TRA) is to illustrate recommended approaches to cloud migration and data protection, as outlined in Section 3(c)(ii) of Executive Order 14028. As the Federal Government continues to transition to the cloud, the TRA will be a guide for agencies to leverage when migrating to the cloud securely. Additionally, the document explains considerations for shared services, cloud migration, and cloud security posture management.

The Cloud Security TRA was developed through a collaborative, multi-agency effort with contributions from the Cybersecurity and Infrastructure Security Agency (CISA), United States Digital Service (USDS), and the Federal Risk and Authorization Management Program (FedRAMP). The Cloud Security TRA provides agencies with guidance on the shared risk model for cloud service adoption (authored by FedRAMP), how to build a cloud environment (authored by USDS), and how to monitor such an environment through robust cloud security posture management (authored by CISA).

Cloud Security TRA Version 2

In September 2021, version 1 of the Cloud Security TRA was open for public comment. The Response to Comments for Cloud Security Technical Reference Architecture – Summarizes the comments and modifications in response to the feedback received for the version 1.


For questions concerning the Cloud Security Technical Reference Architecture, please contact Sean Connelly, Trusted Internet Connections Program Manager.