diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index 237cd9211f..7f4268955f 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -72,3 +72,15 @@ nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid"
 # Note that if sudo is true, you need to unset requiretty for 
 # ssh controlpersist to work. 
 sudo: false
+
+
+# This vars get shoved into /etc/system_identification by the base role.
+# Groups and individual hosts should override them with specific info.
+# See http://infrastructure.fedoraproject.org/csi/security-policy/
+csi_security_category: Unspecified
+csi_primary_contact: Fedora Admins - admin@fedoraproject.org
+csi_purpose: Unspecified
+csi_relationship: >
+    Unspecified.
+    * What hosts/services does this rely on?
+    * What hosts/services rely on this?
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 5d96ad7629..b22e518d6c 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -261,3 +261,6 @@
   tags:
   - config
   - base
+
+- name: Drop in a little system_identification note
+  template: src=system_identification dest=/etc/system_identification
diff --git a/roles/base/templates/system_identification b/roles/base/templates/system_identification
new file mode 100644
index 0000000000..d94ddc68cd
--- /dev/null
+++ b/roles/base/templates/system_identification
@@ -0,0 +1,7 @@
+Security Category: {{csi_security_category}}
+Primary Contact: {{csi_primary_contact}}
+Environment: {{env}}
+Purpose: {{csi_purpose}}
+Relationship: {{csi_relationship}}
+
+This document is provided as part of CSI standards.  See http://infrastructure.fedoraproject.org/csi/security-policy/ for more information.