diff --git a/guardrails/neptune/SCP-NEPTUNE-1.json b/guardrails/neptune/SCP-NEPTUNE-1.json
new file mode 100644
index 0000000..fb1b6fc
--- /dev/null
+++ b/guardrails/neptune/SCP-NEPTUNE-1.json
@@ -0,0 +1,36 @@
+{
+ "Identifier": "SCP-NEPTUNE-1",
+ "Guardrail": "Prevent creation of unencrypted Neptune databases",
+ "Rationale": [
+ "As a security best practice, customers should encrypt their databases."
+ ],
+ "Test Scenarios": [
+ {
+ "Test-Scenario": "Create unencrypted Neptune DB",
+ "Steps": [
+ "Log in to the AWS console with a role that has access to Amazon Neptune",
+ "Goto Databases, and create database , under Additional Configuration, uncheck Encryption"
+ ],
+ "Expected-Result": "Creation failed with Access Denied"
+ }
+ ],
+ "References": [
+ "https://docs.aws.amazon.com/neptune/latest/userguide/encrypt.html"
+ ],
+ "Policy-Type": "SCP",
+ "SCP-Type": "Prevent-All-Except-Condition",
+ "IAM Actions": ["rds:CreateDBCluster"],
+ "Resource": ["*"],
+ "Condition": [
+ {
+ "Bool":{
+ "rds:StorageEncrypted": "false"
+ },
+ "StringEqualsIgnoreCase": {
+ "rds:DatabaseEngine": [
+ "graphdb"
+ ]
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/guardrails/securityhub/SCP-SECHUB-1.json b/guardrails/securityhub/SCP-SECHUB-1.json
new file mode 100644
index 0000000..8ca5a50
--- /dev/null
+++ b/guardrails/securityhub/SCP-SECHUB-1.json
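Review bot: The `Bool` condition on `rds:StorageEncrypted` in the Neptune guardrail only fires when the request explicitly carries that parameter as `false`; a `CreateDBCluster` call that omits the parameter presumably has no such key in the request context, so the Deny would not apply even though the resulting cluster may still be unencrypted (confirm the API default against the Neptune docs). The usual hardening is `"BoolIfExists": { "rds:StorageEncrypted": "false" }` so an absent key also triggers the deny. The guardrail also lists only `rds:CreateDBCluster`; restoring a cluster from an unencrypted snapshot (`rds:RestoreDBClusterFromSnapshot`) is another path to an unencrypted cluster and is worth evaluating, subject to confirming which condition keys that action exposes. The file is written without a trailing newline, which the diff flags.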
@@ -0,0 +1,35 @@
+{
+ "Identifier": "SCP-SECHUB-1",
+ "Guardrail": "Prevent leaving centralization of SecurityHub accounts",
+ "Rationale": [
+ "When SecurityHub is enabled and consolidated within for the AWS Organization, the member accounts should not leave the organization"
+ ],
+ "Test Scenarios": [
+ {
+ "Test-Scenario": "Disable Security Hub from member account",
+ "Steps": [
+ "Log in to the AWS console with a role that has access to SecurityHub in member account",
+ "Goto Settings>General , scroll to the bottom of the page and click Disable AWS Security Hub"
+ ],
+ "Expected-Result": "Access Denied"
+ },
+ {
+ "Test-Scenario": "Dissociate Security Hub from SecurityHub administrator account",
+ "Steps": [
+ "Log in to the AWS console with a role that has access to SecurityHub in member account",
+ "Goto Settings>Accounts , toggle the radio button to dissociate from Security Hub administrator account"
+ ],
+ "Expected-Result": "Access Denied"
+ }
+ ],
+ "References": [
+ "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-disable.html",
+ "https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-data-retention.html",
+ "https://docs.aws.amazon.com/securityhub/latest/userguide/accounts-orgs-disassociate.html"
+ ],
+ "Policy-Type": "SCP",
+ "SCP-Type": "Prevent-All",
+ "IAM Actions": ["securityhub:DisableSecurityHub",
+ "securityhub:DissociatefromMasterAccount" ],
+ "Resource": ["*"]
+}
\ No newline at end of file
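Review bot: `securityhub:DissociatefromMasterAccount` in `IAM Actions` is not a Security Hub action name — the API and IAM action are spelled `DisassociateFromMasterAccount` — so as written that entry matches nothing and the second test scenario ("dissociate from Security Hub administrator account") would not be denied. Change the line to `"securityhub:DisassociateFromMasterAccount",` and, because that API is the legacy name, consider also listing `"securityhub:DisassociateFromAdministratorAccount"` so the current console and API path is covered. The Rationale speaks of member accounts not leaving "the organization", but the listed actions only prevent leaving Security Hub administration; if leaving the AWS Organization is also meant, that needs a separate guardrail, otherwise the rationale reads wider than the control. The `IAM Actions` array is split across two lines with a stray space before `]`, and the file lacks a trailing newline.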