Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-201 (Initial Public Draft)

NIST Cloud Computing Forensic Reference Architecture

Date Published: February 8, 2023
Comments Due: March 31, 2023 (public comment period is CLOSED)
Email Questions to:


Martin Herman (NIST), Michaela Iorga (NIST), Ahsen Michael Salim (American Data Technology), Robert Jackson (SphereCom Enterprises), Mark Hurst (SphereCom Enterprises), Ross Leo (University of Houston-Clear Lake), Anand Kumar Mishra (National Institute of Technology Sikkim), Nancy Landreville (University of Maryland Global Campus), Yien Wang (Auburn University)


This document addresses the need to support a cloud system’s forensic readiness, which is the ability to quickly and effectively collect digital evidence with minimal investigation costs.

The document presents a reference architecture to help users understand the forensic challenges that might exist for an organization’s cloud system based on its architectural capabilities, as well as the mitigation strategies that might be required. The reference architecture is both a methodology and an initial implementation that can be used by cloud system architects, cloud engineers, forensic practitioners, and cloud consumers to analyze and review their cloud computing architectures for forensic readiness.

The public comment period for this initial public draft is open through March 31, 2023. We encourage you to use this comment template when preparing your comments on the draft. The draft also links to this Forensic Reference Architecture Data Set.

NOTE: A call for patent claims is included on page ii of this document. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



civil litigation; criminal investigation; cybersecurity; digital forensics; enterprise architecture; enterprise operations; forensic readiness; incident response
Control Families

None selected


Download URL

Supplemental Material:
Comment template (xlsx)
Forensic Reference Architecture Data Set (xlsx)

Document History:
02/08/23: SP 800-201 (Draft)


Security and Privacy

general security & privacy


cloud & virtualization


enterprise, forensics