diff --git a/userdocs/mkdocs.yml b/userdocs/mkdocs.yml index 4f346a1d34..8c285d6063 100644 --- a/userdocs/mkdocs.yml +++ b/userdocs/mkdocs.yml @@ -16,6 +16,7 @@ nav: - Usage: - usage/creating-and-managing-clusters.md - usage/managing-nodegroups.md + - usage/security.md - usage/cluster-upgrade.md - usage/autoscaling.md - usage/custom-ami-support.md diff --git a/userdocs/src/usage/security.md b/userdocs/src/usage/security.md new file mode 100644 index 0000000000..eab9445469 --- /dev/null +++ b/userdocs/src/usage/security.md @@ -0,0 +1,19 @@ +# Security + +`eksctl` provides some options that can improve the security of your EKS cluster. + +## `withOIDC` + +Enable [`withOIDC`](/usage/schema/#iam-withOIDC) to automatically create an [IRSA](/usage/iamserviceaccounts/) for the amazon CNI plugin and +limit permissions granted to nodes in your cluster, instead granting the necessary permissions +only to the CNI service account. The background is described in [this AWS +documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-cni-walkthrough.html). + +## `disablePodIMDS` + +For managed and unmanaged nodegroups, [`disablePodIMDS`](/usage/schema/#nodeGroups-disablePodIMDS) option is available prevents all +non host networking pods running in this nodegroup from making IMDS requests. + +!!!note + This can not be used together with [`withAddonPolicies`](/usage/iam-policies/). +
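Review bot: in the new `userdocs/src/usage/security.md` the `disablePodIMDS` sentence is missing a verb ("option is available prevents all non host networking pods"); suggest "the `disablePodIMDS` option prevents all non-host-networking pods running in this nodegroup from making IMDS requests". Two smaller points in the same file: "amazon CNI plugin" should be capitalised consistently with the rest of the docs (e.g. "Amazon VPC CNI plugin"), and since the text says the option applies to both managed and unmanaged nodegroups, the schema link points only at `#nodeGroups-disablePodIMDS`, so the managed nodegroup schema entry should be linked as well. The `!!!note` about `withAddonPolicies` would also be more useful if it stated why the two options cannot be combined, since as written the reader is left to guess.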