Skip to main content
U.S. flag

An official website of the United States government

dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cloud Security Technical Reference Architecture

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the United States Digital Service and FedRAMP, developed the Cloud Security Technical Reference Architecture (TRA) in accordance with Section 3(c)(ii) of Executive Order 14028.

As the federal government continues to transition to the cloud, this TA will be a guide for agencies to leverage when migrating to the cloud securely. The document explains considerations for shared services, cloud migration, and cloud security posture management.

Download the Cloud Security TRA here.

Read more in CISA’s blog post announcing the Cloud Security TRA.

How to comment

The TRA comment period will run from September 7, 2021 to October 1, 2021. CISA encourages readers to provide any comments, feedback, or questions they may have. Reviewers can submit their feedback to

Following the comment period, CISA will collaborate with USDS and FedRAMP to produce a subsequent version of the guidance.