The purpose of this document is to define a NIST Cloud Computing Security Reference Architecture (NCC-SRA) – a framework that:  
• identifies a core set of Security Components that can be implemented in a Cloud Ecosystem to secure the environment, the operations, and the data migrated to the cloud;
• provides, for each Cloud Actor, the core set of Security Components that fall under their responsibilities depending on the deployment and service models;
• defines a security-centric formal architectural model that adds a security layer to the current NIST SP 500-292: NIST Cloud Computing Reference Architecture; and
• provides several approaches for analyzing the collected and aggregated data.