Physical objects are getting connected to the Internet at an exceptional rate, making the idea of the Internet of Things (IoT) a reality. The IoT ecosystem is evident everywhere in the form of smart homes, health care systems, wearables, connected vehicles, and industries. This has given rise to risks associated with the privacy and security of systems. Security issues and cyber attacks on IoT devices may potentially hinder the growth of IoT products due to deficiencies in the architecture. To counter these issues, we need to implement privacy and security right from the building blocks of IoT. The IoT architecture has evolved over the years, improving the stack of architecture with new solutions such as scalability, management, interoperability, and extensibility. This emphasizes the need to standardize and organize the IoT reference architecture in federation with privacy and security concerns. In this study, we examine and analyze 12 existing IoT reference architectures to identify their shortcomings on the basis of the requirements addressed in the standards. We propose an architecture, the privacy-federated IoT security reference architecture (PF-IoT-SRA), which interprets all the involved privacy metrics and counters major threats and attacks in the IoT communication environment. It is a step toward the standardization of the domain architecture. We effectively validate our proposed reference architecture using the architecture trade-off analysis method (ATAM), an industry-recognized scenario-based approach.