Skip to main content

CMS Technical Reference Architecture (TRA)

The technical architecture approach and technical reference standards that must be followed by all CMS IT systems, ensuring policy compliance across the agency

Contact: TRA Team | tra-admin@cms.hhs.gov
slack logoCMS Slack Channel
  • #cms-it-governance

What is the TRA?

The CMS Technical Reference Architecture (TRA) provides the authoritative technical architecture approach and technical reference standards that must be followed by all CMS systems. Having a common set of technical architecture standards helps us ensure the secure and high-quality delivery of healthcare services to beneficiaries, providers, and business partners.

The CMS TRA represents our policy guidance to all Agency business partners wishing to develop, transition, and maintain information systems that interact with the CMS Processing Environments. The CMS TRA is approved and authorized by the CMS Chief Information Officer (CIO) and Chief Technology Officer (CTO).

How does the TRA benefit us?

By requiring all CMS and project teams adhere to the common set of technical architecture standards provided by the TRA, we can:

  • Ensure an effective, standardized operating environment
  • Establish sound and consistent security practices
  • Promote compliance with CMS decisions in future CMS task orders and acquisitions
  • Enable interoperability and encourage reuse/shared infrastructure
  • Provide a consistent set of architectural best practices for use throughout CMS

TRA compliance requirements

Several major releases to the TRA are published annually. New systems are expected to be compliant with the current version of the TRA. For existing systems, compliance with new TRA updates is required within 24 months of publication.

Access the TRA

The current and complete version of the TRA is posted on the CMS TRA website. This is only accessible from the internal CMS network and requires EUA authentication.

External contractors needing access to the TRA can access the public version of the TRA here.

The public version has most of the TRA content, but sensitive information has been redacted. Contractors needing access to the restricted material can request it via their contracting officer's representative (COR).

Contact

For questions or assistance with the TRA, you can reach the TRA team via email: tra-admin@cms.hhs.gov

But if you have a specific technical question, you may want to check first with the CMS Technical Review Board (TRB), which provides technical guidance and advises project teams on their IT efforts, enabling successful integration within the CMS IT environment. You can reach the TRB via email: cms-trb@cms.hhs.gov 

  • Standards for the minimum security and privacy controls required to mitigate risk for CMS information systems

  • Testing and documenting system security and compliance to gain approval to operate the system at CMS

  • Information about the testing and documenting of security compliance requirements for FISMA systems at CMS, so they can be authorized to operate

  • Platform-As-A-Service with tools, security, and support services designed specifically for CMS

  • Considerations and guidelines for CMS business units wanting to use SaaS applications

  • Procedures to help CMS staff and contractors implement federal policies and standards for information security and privacy