From 28e4ad137811d9718a2cdd04dfee724c3210feb7 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Mon, 28 Jul 2025 10:46:29 -0400
Subject: [PATCH] add sec.md

---
 .../naming-tagging-standard/tags/README.md    | 11 ++--
 .../naming-tagging-standard/tags/sec.md       | 53 +++++++++++++++++++
 2 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100644 aws/documentation/naming-tagging-standard/tags/sec.md

diff --git a/aws/documentation/naming-tagging-standard/tags/README.md b/aws/documentation/naming-tagging-standard/tags/README.md
index e4244bc4..b38b23f8 100644
--- a/aws/documentation/naming-tagging-standard/tags/README.md
+++ b/aws/documentation/naming-tagging-standard/tags/README.md
@@ -20,9 +20,6 @@ Tags from Wiki located [here](wiki.tags.md).
   * [mon_visibility](mon.md#mon_visibility)
   * [mon_extended](mon.md#mon_extended)
 
-# [ops_](ops.md)
-  * [ops_contact](ops.md#ops_contact)
-
 # [Networking](networking.md)
   * [vpc](networking.md#vpc)
   * [subnet](networking.md#subnet)
@@ -32,6 +29,12 @@ Tags from Wiki located [here](wiki.tags.md).
   * [transit-gateway](networking.md#transit-gateway)
   * [transit-gateway-route-table](networking.md#transit-gateway-route-table)
 
+# [ops_](ops.md)
+  * [ops_contact](ops.md#ops_contact)
+
+# [sec_](sec.md)
+  * [sec_csam_id](sec.md#sec_csam_id)
+
 # Third Party Tagging
 
 * [Axonius](third-party/axonius.md)
@@ -55,3 +58,5 @@ Tags from Wiki located [here](wiki.tags.md).
   - add networking
 - 1.0.6 -- 2025-01-14
   - add ops_contact, mon_extended
+- 1.0.7 -- 2025-07-28
+  - add sec_
diff --git a/aws/documentation/naming-tagging-standard/tags/sec.md b/aws/documentation/naming-tagging-standard/tags/sec.md
new file mode 100644
index 00000000..2bd84a85
--- /dev/null
+++ b/aws/documentation/naming-tagging-standard/tags/sec.md
@@ -0,0 +1,53 @@
+# AWS Tags | sec_
+
+The Security tag groups are used to identify specific attributes of a resource which are important to the
+security teams in OCIO.  They are expected to aid in identifying contact information, perhaps with references
+into our Configuration Management Database (CMDB) or associated security systems.
+
+They are prefixed with a label of `sec_`.
+
+The following tags are to be applied to resources which support tagging.
+
+| Tag key               | Status   |
+|-----------------------|----------|
+| [sec_csam_id](#sec_csam_id) | Required for specific resource types |
+
+# Applicability
+
+## Resources which support tagging and require tags as above
+
+(add to this list)
+
+* EC2
+
+## Resources which support tagging but are not considered within scope of specific `sec_` tags
+
+* IAM
+  * Roles
+  * Policies
+  * SAML Provider
+
+## Other Resources
+
+# Tags
+
+## sec_csam_id
+
+(describe)
+
+This is `REQUIRED` for these resources:
+
+* EC2 deployed as a general use OS
+
+### Format
+
+The tag name is all lowercase, and *must* be set to `sec_csam_id`.
+
+### Values
+
+The value is an integer. This reflects and ID maintained by OIS and provided in the CSAM System (add URL).
+
+# CHANGELOG
+
+- 1.0.0 -- 2025-07-28
+  - initial