diff --git a/quark/plugin_modules/security_groups.py b/quark/plugin_modules/security_groups.py
index eb12cb0..8da6000 100644
--- a/quark/plugin_modules/security_groups.py
+++ b/quark/plugin_modules/security_groups.py
@@ -27,6 +27,8 @@ from quark import protocols
 CONF = cfg.CONF
 LOG = logging.getLogger(__name__)
 DEFAULT_SG_UUID = "00000000-0000-0000-0000-000000000000"
+GROUP_NAME_MAX_LENGTH = 255
+GROUP_DESCRIPTION_MAX_LENGTH = 255
 
 
 def _validate_security_group_rule(context, rule):
@@ -63,13 +65,28 @@ def _validate_security_group_rule(context, rule):
     return rule
 
 
+def _validate_security_group(security_group):
+    if "name" in security_group:
+        if len(security_group["name"]) > GROUP_NAME_MAX_LENGTH:
+            raise exceptions.InvalidInput(msg="Group name must be 255 "
+                                              "characters or less")
+
+        if security_group["name"] == "default":
+            raise sg_ext.SecurityGroupDefaultAlreadyExists()
+
+    if ("description" in security_group and
+            len(security_group["description"]) > GROUP_DESCRIPTION_MAX_LENGTH):
+        raise exceptions.InvalidInput(msg="Group description must be 255 "
+                                          "characters or less")
+
+
 def create_security_group(context, security_group):
     LOG.info("create_security_group for tenant %s" %
              (context.tenant_id))
     group = security_group["security_group"]
+    _validate_security_group(group)
+
     group_name = group.get('name', '')
-    if group_name == "default":
-        raise sg_ext.SecurityGroupDefaultAlreadyExists()
     group_id = uuidutils.generate_uuid()
 
     with context.session.begin():
@@ -178,6 +195,8 @@ def update_security_group(context, id, security_group):
     if id == DEFAULT_SG_UUID:
         raise sg_ext.SecurityGroupCannotUpdateDefault()
     new_group = security_group["security_group"]
+    _validate_security_group(new_group)
+
     with context.session.begin():
         group = db_api.security_group_find(context, id=id, scope=db_api.ONE)
         db_group = db_api.security_group_update(context, group, **new_group)
diff --git a/quark/tests/plugin_modules/test_security_groups.py b/quark/tests/plugin_modules/test_security_groups.py
index 2474786..8b527e9 100644
--- a/quark/tests/plugin_modules/test_security_groups.py
+++ b/quark/tests/plugin_modules/test_security_groups.py
@@ -209,6 +209,22 @@ class TestQuarkCreateSecurityGroup(test_quark_plugin.TestQuarkPlugin):
                     self.context, {'security_group': group})
                 self.assertTrue(group_create.called)
 
+    def test_create_security_group_name_too_long(self):
+        group = {'name': 'a' * 256, 'description': 'bar',
+                 'tenant_id': self.context.tenant_id}
+        with self._stubs(group):
+            with self.assertRaises(exceptions.InvalidInput):
+                self.plugin.create_security_group(
+                    self.context, {'security_group': group})
+
+    def test_create_security_group_description(self):
+        group = {'name': 'foo', 'description': 'b' * 256,
+                 'tenant_id': self.context.tenant_id}
+        with self._stubs(group):
+            with self.assertRaises(exceptions.InvalidInput):
+                self.plugin.create_security_group(
+                    self.context, {'security_group': group})
+
 
 class TestQuarkDeleteSecurityGroup(test_quark_plugin.TestQuarkPlugin):
     @contextlib.contextmanager