diff --git a/config/prow/plugins.yaml b/config/prow/plugins.yaml index f65683b6caae..d17068346197 100644 --- a/config/prow/plugins.yaml +++ b/config/prow/plugins.yaml @@ -132,6 +132,18 @@ label: # This label, for k/website, identifies PRs with large refactoring changes - refactor + restricted_labels: + kubernetes/kubernetes: + # Security Response Committee (SRC) is allowed to add this label, + # to new and existing GitHub Issues and PRs that announce a fixed CVE triaged by SRC + - allowed_teams: + - security-response-committee + # SIG Security Tooling Lead is an allowed user to assist SRC in this CVE feed automation + allowed_users: + - pushkarj + # This label is used to filter/tag CVEs announced by SRC + label: official-cve-feed + lgtm: - repos: - bazelbuild diff --git a/label_sync/labels.md b/label_sync/labels.md index 4aac610fcb10..69544f1b7d1e 100644 --- a/label_sync/labels.md +++ b/label_sync/labels.md @@ -383,6 +383,7 @@ larger set of contributors to apply/remove them. | `area/network-policy` | Issues or PRs related to Network Policy subproject| label | | | `area/release-eng` | Issues or PRs related to the Release Engineering subproject
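Review bot: The `allowed_users` entry under `restricted_labels` pins one personal account (`pushkarj`) next to the `security-response-committee` team, so the right to mark an issue or PR as an official CVE announcement survives any role change until someone edits this file. Because the label drives the CVE feed automation the added comments mention, I would keep the grant team-based only, or at least add a comment such as `# review this entry whenever the SIG Security tooling lead changes`. It is also worth confirming that nothing else can apply the label: as far as this hunk shows, the restriction is configuration for the Prow label plugin, and whether labels set directly in GitHub by accounts with triage or write access are covered is not visible here. If they are not, whatever consumes the feed should not treat the label alone as proof of SRC approval. The enclosing `label:` block starts above the hunk.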

This was previously `area/release-infra`, | label | | | `deprecated/hyperkube` | Issues or PRs related to the hyperkube subproject

This was previously `area/hyperkube`, | label | | +| `official-cve-feed` | Issues or PRs related to CVEs officially announced by Security Response Committee (SRC)| anyone | [label](https://git.k8s.io/test-infra/prow/plugins/label) | ## Labels that apply to kubernetes/kubernetes, only for issues diff --git a/label_sync/labels.yaml b/label_sync/labels.yaml index ea2bae70268c..c634cfee1ae9 100644 --- a/label_sync/labels.yaml +++ b/label_sync/labels.yaml @@ -1136,6 +1136,12 @@ repos: target: prs prowPlugin: require-matching-label addedBy: prow + - color: 0052cc + description: Issues or PRs related to CVEs officially announced by Security Response Committee (SRC) + name: official-cve-feed + target: both + prowPlugin: label + addedBy: anyone kubernetes/org: labels:
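Review bot: `addedBy: anyone` in the new `official-cve-feed` entry of label_sync/labels.yaml contradicts the `restricted_labels` rule this same commit adds to config/prow/plugins.yaml, which limits the label to `security-response-committee` and one named user. The row added to label_sync/labels.md repeats "anyone", so readers of the docs will expect `/label official-cve-feed` to work for them and may conclude the label is not access-controlled. Something like `addedBy: members of security-response-committee` would match the enforced policy. The wording is only a suggestion, since the one neighbouring value visible here is `addedBy: prow` and the accepted values for the field are not shown.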