diff --git a/guardrails/securityhub/SCP-SECURITY-HUB-2.json b/guardrails/securityhub/SCP-SECURITY-HUB-2.json
new file mode 100644
index 0000000..d5118a3
--- /dev/null
+++ b/guardrails/securityhub/SCP-SECURITY-HUB-2.json
@@ -0,0 +1,28 @@
+{
+ "Identifier": "SCP-SECURITYHUB-2",
+ "Guardrail": "Prevent Deletion of Members and Invitations from AWS Security Hub",
+ "Rationale": [
+ "An attacker may attempt to delete or disassociate members of SecurityHub to avoid detection during compromise."
+ ],
+ "Test Scenarios": [
+ {
+ "Test-Scenario": "Disable Security Hub",
+ "Steps": [
+ "Log in to the AWS console with a role that is allowed to disable security hub",
+ "Delete or disassociate a member"
+ ],
+ "Expected-Result": "Access Denied"
+ }
+ ],
+ "References": [
+ "https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html"
+ ],
+ "Policy-Type": "SCP",
+ "SCP-Type": "Prevent-All",
+ "IAM Actions": [
+ "securityhub:DeleteInvitations",
+ "securityhub:DeleteMembers",
+ "securityhub:DisassociateMembers"
+ ],
+ "Resource": ["*"]
+}
\ No newline at end of file
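Review bot: The test scenario is titled "Disable Security Hub" and its first step talks about a role "allowed to disable security hub", but the guardrail and the listed IAM actions are about deleting or disassociating members and invitations, so the scenario name and step should match what is actually exercised, e.g. `"Test-Scenario": "Delete or disassociate a Security Hub member"` and `"Log in to the AWS console with a role that is allowed to manage Security Hub members"`. The `Identifier` value `SCP-SECURITYHUB-2` also differs from the file name `SCP-SECURITY-HUB-2.json`; if the identifier is used to look up the file, one of the two should be aligned. Key naming mixes spaces and hyphens (`"Test Scenarios"`, `"IAM Actions"` versus `"Test-Scenario"`, `"Expected-Result"`, `"Policy-Type"`), which makes the document harder to consume programmatically; pick one convention, presumably the hyphenated one used by sibling guardrail files. If the intent is also to stop a compromised member account from detaching itself from the administrator, consider whether `securityhub:DisassociateFromAdministratorAccount` belongs in `IAM Actions`, and the reference could point at the Security Hub member-management documentation rather than the generic "what is" page. The file also lacks a trailing newline.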