diff --git a/docs/actions/security-controls.md b/docs/actions/security-controls.md new file mode 100644 index 0000000..9a3333b --- /dev/null +++ b/docs/actions/security-controls.md @@ -0,0 +1,20 @@ +# Semantic Conventions for `security-control` Actions + +Used when span name is `security-control`. + + +| Attribute | Type | Description | Examples | Requirement Level | +|---------------------------|---|--------------------------------------------------------------|-----------------------------------------|-------------------| +| `security.control.method` | string | The method of the custom security control. | `com.Acme.OldSecurity.DoLegacySecurity` | Required | +| `security.control.name` | string | The name of the custom security control. | `My Custom Security Control ` | Optional | +| `security.control.rules` | string | The rules applicable to the custom security control. | `reflected-xss`; `path-traversal` | Recommended | +| `security.control.type` | string | The custom security control type. | `sanitizer`; `validator` | Optional | + +`security.control.type` MUST be one of the following: + +| Value | Description | +|---------------------|-----------------| +| `sanitizer` | Sanitizer | +| `input-validator` | Input Validator | +| `regex-validator` | Regex Validator | +
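Review bot: The `security.control.type` row in the attribute table gives `validator` as an example, but the enum table below it says the value MUST be one of `sanitizer`, `input-validator` or `regex-validator`, so the example is not a legal value. Either change the example to `sanitizer`; `input-validator` or add `validator` to the allowed values. In the same table, `security.control.rules` is typed `string` while its examples show two rule ids separated by `;`. State whether this is a single delimited string (and name the delimiter) or declare it as `string[]`, so that consumers matching on rule ids parse it the same way. The `security.control.name` example also has a trailing space inside the backticks (`My Custom Security Control `) that should be dropped, and the enum descriptions only repeat the value names; one sentence on what distinguishes an input validator from a regex validator would help whoever has to pick a value.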