diff --git a/cfgov/apache/conf.d/alias.conf b/cfgov/apache/conf.d/alias.conf
index 9596fbd8dba..48d51b20bc4 100644
--- a/cfgov/apache/conf.d/alias.conf
+++ b/cfgov/apache/conf.d/alias.conf
@@ -12,3 +12,5 @@ Alias /akamai/sureroute-test-object.html ${STATIC_PATH}/akamai-sureroute-test-ob
 Alias /utilities/pages/akamai-sureroute-test-object.htm ${STATIC_PATH}/akamai-sureroute-test-object.html
 # Main static alias
 Alias /static/ ${STATIC_PATH}/
+# Security.txt for CVE disclosure
+Alias /security.txt ${STATIC_PATH}/security.txt
diff --git a/cfgov/unprocessed/root/security.txt b/cfgov/unprocessed/root/security.txt
new file mode 100644
index 00000000000..0eb37ad1009
--- /dev/null
+++ b/cfgov/unprocessed/root/security.txt
@@ -0,0 +1,11 @@
+#To Submit a Cybersecurity Vulnerability Disclosure Report:         
+Contact: mailto:security@cfpb.gov
+
+#Vulnerability Disclosure Policy
+Policy: https://www.consumerfinance.gov/vulnerability-disclosure-policy/
+ 
+#Hiring Opportunities
+Hiring: https://www.consumerfinance.gov/about-us/careers/
+ 
+#Security.txt Information Expiration
+Expires: 2025-10-01T00:00:00.000Z