OSC · johrstrom · Jul 17, 2024 · Jul 16, 2024 · Jul 16, 2024 · Jul 16, 2024
diff --git a/source/customizations.rst b/source/customizations.rst
@@ -395,6 +395,8 @@ Note that this will limit the download size for all users of the Open OnDemand i
 
    Values like ``1000M`` or ``20G`` will not be accepted and may cause errors.
 
+.. _set-file-allowlist:
+
 Block or Allow Directory Access
 -------------------------------
 

diff --git a/source/security.rst b/source/security.rst
@@ -23,10 +23,19 @@ Limitations
 
 - **HTTP Traffic to Origin Servers**: Traffic to backend services, including computational resources like Jupyter servers, is currently over HTTP, which is unencrypted. Plans are underway to upgrade this to HTTPS to ensure encryption of data in transit, thereby bolstering security.
 
-Security Controls
------------------
+Controls
+^^^^^^^^
 
-- **Monitoring and Logging**: Comprehensive logging mechanisms are integral for security audits and incident response. Detailed guidelines and settings for these features can be found at :ref:`logging`.
+These are things the the out of the box OnDemand installation will provide
+that some centers may want to change or disable altogether.
+
+- **File Access**: OnDemand lets users navigate the file system. While file permissions
+  limit what a user can view and navigate to, some centers may want to limit this even further.
+  One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to.
+
+
+Additional Information
+----------------------
 
 - **Vulnerability Management**: Active management of security weaknesses includes regular updates and patches. Detailed processes and current security advisories are available at :ref:`vulnerability-management`.
-Original file line number
+Diff line change
@@ Expand Up @@
        Values like ``1000M`` or ``20G`` will not be accepted and may cause errors.
+    .. _set-file-allowlist:
     Block or Allow Directory Access
     -------------------------------
@@ Expand Down @@