diff --git a/README.md b/README.md
index 08518a4..cf26408 100644
--- a/README.md
+++ b/README.md
@@ -83,6 +83,7 @@ No modules.
 | [subnet\_ids](#input\_subnet\_ids) | Subnets used to create network firewall. | `set(string)` | `[]` | no |
 | [tags](#input\_tags) | A map of tags to add to all resources | `map(any)` | `{}` | no |
 | [vpc\_id](#input\_vpc\_id) | n/a | `string` | `""` | no |
+| [delete\_protection](#input\_delete\_protection) | n/a | `bool` | true | no |
 ## Outputs
diff --git a/main.tf b/main.tf
index 35b7a0c..c738f1b 100644
--- a/main.tf
+++ b/main.tf
@@ -15,6 +15,7 @@ resource "aws_networkfirewall_firewall" "main" {
 name = local.dashed_name
 firewall_policy_arn = aws_networkfirewall_firewall_policy.main.arn
 vpc_id = var.vpc_id
+ delete_protection = var.delete_protection
 dynamic "subnet_mapping" {
 for_each = var.subnet_ids
diff --git a/variables.tf b/variables.tf
index 9340a30..aed2c91 100644
--- a/variables.tf
+++ b/variables.tf
@@ -87,3 +87,10 @@ variable "block_everything_capacity" {
 type = number
 default = 25
 }
+
+variable "delete_protection" {
+ description = "Toggle to enable or disable deletion protection"
+ type = bool
+ default = true
+ # defaults to true to resolve https://docs.aws.amazon.com/securityhub/latest/userguide/networkfirewall-controls.html#networkfirewall-9
+}
\ No newline at end of file
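Review bot: The new `delete_protection = var.delete_protection` line in `aws_networkfirewall_firewall.main` only blocks the DeleteFirewall call; the resource's sibling arguments `firewall_policy_change_protection` and `subnet_change_protection` are not set in the hunk, so they stay at the provider default (false, as far as I recall), and a caller can still swap the attached policy or detach subnets without touching the firewall's delete flag. If the intent is to harden the firewall against accidental or unauthorized change and not just deletion, expose those two with the same default-true pattern, e.g. `firewall_policy_change_protection = var.firewall_policy_change_protection` and `subnet_change_protection = var.subnet_change_protection`, directly under the added line. The resource block continues outside the hunk, so I cannot tell whether either is set further down.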
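Review bot: The description on the new `delete_protection` variable does not warn about the operational consequence of the `true` default: with the flag set, the firewall's delete call is rejected by the API, so `terraform destroy` of this module fails until `delete_protection = false` has been applied first, which is exactly the kind of surprise a module consumer should read in the input docs. Suggested: `description = "Enable deletion protection on the firewall (Security Hub control NetworkFirewall.9). When true, terraform destroy fails until this is set to false and applied."`, and move the trailing `# defaults to true to resolve ...` comment above the `variable` block where it is conventionally placed. The file is also left without a trailing newline, which `terraform fmt` would add. The README row added in the same commit shows `n/a` for the description and an unquoted `true` default, which suggests the table was hand-edited rather than regenerated with terraform-docs and will drift from variables.tf.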