Cyber-physical systems (CPS) are the next generation of engineered systems into which computing, communication, and control technologies are now being closely integrated. They play an increasingly important role in critical infrastructures, governments and everyday life. Security is crucial in CPS, but they were not, unfortunately, initially conceived as a secure environment, and if these security issues are to be incorporated, then security must be considered from the very beginning of the system design. One way in which to solve this problem is by having a global perspective, which can be achieved by employing a Reference Architecture (RA), since it is a high-level abstraction of a system that could be useful in the implementation of complex systems. It is widely accepted that adding elements in order to address many security factors (integrity, confidentiality, availability, etc.) and facilitate the definition of the security requirements of a Security Reference Architecture (SRA) is a good starting point when attempting to solve these kinds of cybersecurity problems and protect the system from the beginning of the development. An SRA makes it possible to define the key elements of a specific environment, thus allowing a better understanding of the inherent elements of the environments, while promoting the integration of security aspects and mechanisms. The present paper, therefore, presents the definition of an SRA for CPS by using UML models in an attempt to facilitate secure CPS implementations.