diff --git a/.github/ISSUE_TEMPLATE/security-release-approval.md b/.github/ISSUE_TEMPLATE/security-release-approval.md
new file mode 100644
index 00000000000..e45fa2c6d02
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/security-release-approval.md
@@ -0,0 +1,13 @@
+---
+name: Security release approval
+about: An issue that security must close before releases to approve it.
+title: '$RELEASE_VERSION Security approval'
+labels: release-block
+assignees: 'team/security'
+
+---
+
+Security must close this issue before releases. It is the responsibility of the Security Engineer on rotation the week the release is cut. More steps will be added in the future.
+
+- [ ] All feasible CVEs are closed.
+- [ ] Any open CVEs are documented in the handbook