diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp
index efc229c6a..8f8e25aea 100644
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@@ -230,6 +230,7 @@ class tripleo::profile::base::keystone (
       ssl_key_admin  => $tls_keyfile_admin,
     }
     include ::keystone::cors
+    include ::keystone::security_compliance
 
     if $ldap_backend_enable {
       validate_hash($ldap_backends_config)
diff --git a/releasenotes/notes/security-compliance-1f5cb3b3be9f7657.yaml b/releasenotes/notes/security-compliance-1f5cb3b3be9f7657.yaml
new file mode 100644
index 000000000..05ad7761e
--- /dev/null
+++ b/releasenotes/notes/security-compliance-1f5cb3b3be9f7657.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The security compliance manifest was included in the keystone profile. This
+    enables us to configure the security compliance options through t-h-t.