diff --git a/lms/djangoapps/branding/api.py b/lms/djangoapps/branding/api.py
index b11f86e962..57adfc3f58 100644
--- a/lms/djangoapps/branding/api.py
+++ b/lms/djangoapps/branding/api.py
@@ -241,12 +241,20 @@ def _build_help_center_url(language):
     return support_url
 
 
+def _security_url():
+    """
+    Return the security policy page URL.
+    """
+    return settings.SECURITY_PAGE_URL
+
+
 def _footer_connect_links(language=settings.LANGUAGE_CODE):
     """Return the connect links to display in the footer. """
     links = [
         ("blog", (marketing_link("BLOG"), _("Blog"))),
         ("contact", (_build_support_form_url(full_path=True), _("Contact Us"))),
         ("help-center", (_build_help_center_url(language), _("Help Center"))),
+        ("security", (_security_url(), _("Security"))),
     ]
 
     if language == settings.LANGUAGE_CODE:
diff --git a/lms/envs/common.py b/lms/envs/common.py
index bc532fa105..4361838e4d 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -3339,6 +3339,13 @@ PASSWORD_RESET_SUPPORT_LINK = ''
 ACTIVATION_EMAIL_SUPPORT_LINK = ''
 LOGIN_ISSUE_SUPPORT_LINK = ''
 
+# .. setting_name: SECURITY_PAGE_URL
+# .. setting_default: None
+# .. setting_description: A link to the site's security disclosure/reporting policy,
+#   to display in the site footer. This will only appear for sites using themes that
+#   use the links produced by ``lms.djangoapps.branding.api.get_footer``.
+SECURITY_PAGE_URL = None
+
 # Days before the expired date that we warn the user
 ENTITLEMENT_EXPIRED_ALERT_PERIOD = 90