diff --git a/docs/source/index.rst b/docs/source/index.rst
index d4c958c..49191a7 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -40,6 +40,7 @@ reference documentation on all aspects of the project.
    data-publishing/index
    transactions
    admin-api
+   security
    plugins
    html-templating
    crs
diff --git a/docs/source/security.rst b/docs/source/security.rst
new file mode 100644
index 0000000..706ae6d
--- /dev/null
+++ b/docs/source/security.rst
@@ -0,0 +1,17 @@
+.. _security:
+
+Security
+========
+
+There exist use cases which require authentication and authorization against an API at various granularities
+(collections, processes, etc.), restricting access to a given user, group or role.  Implementing security
+can be as simple as HTTP basic authentication, or as complex as fine-grained access control against a specific
+collection item.
+
+By design, pygeoapi does not have built-in support for access control.  It is up to the user to secure pygeoapi
+as required.
+
+The following projects provide security frameworks atop pygeoapi:
+
+* `fastgeoapi <https://github.com/geobeyond/fastgeoapi>`_
+* `pygeoapi-auth <https://github.com/cartologic/pygeoapi-auth>`_