diff --git a/github/resource_github_actions_organization_permissions.go b/github/resource_github_actions_organization_permissions.go
index ca035d483a..4b84a44adf 100644
--- a/github/resource_github_actions_organization_permissions.go
+++ b/github/resource_github_actions_organization_permissions.go
@@ -57,6 +57,11 @@ func resourceGithubActionsOrganizationPermissions() *schema.Resource {
 Optional: true,
 Description: "Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.",
 },
+ "sha_pinning_required": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Whether pinning to a specific SHA is required for all actions and reusable workflows in an organization.",
+ },
 },
 },
 },
@@ -96,6 +101,10 @@ func resourceGithubActionsOrganizationAllowedObject(d *schema.ResourceData) *git
 allowed.VerifiedAllowed = &x
 }
+ if v, ok := data["sha_pinning_required"]; ok {
+ allowed.SHAPinningRequired = github.Ptr(v.(bool))
+ }
+
 patternsAllowed := []string{}
 switch t := data["patterns_allowed"].(type) {
@@ -226,6 +235,7 @@ func resourceGithubActionsOrganizationPermissionsRead(d *schema.ResourceData, me
 "github_owned_allowed": actionsAllowed.GetGithubOwnedAllowed(),
 "patterns_allowed": actionsAllowed.PatternsAllowed,
 "verified_allowed": actionsAllowed.GetVerifiedAllowed(),
+ "sha_pinning_required": actionsAllowed.GetShaPinningRequired(),
 },
 }); err != nil {
 return err
diff --git a/github/resource_github_actions_organization_permissions_test.go b/github/resource_github_actions_organization_permissions_test.go
index 0197a83463..c36eb872f2 100644
--- a/github/resource_github_actions_organization_permissions_test.go
+++ b/github/resource_github_actions_organization_permissions_test.go
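Review bot: The new `sha_pinning_required` attribute sits in the nested block beside `verified_allowed`, so it is sent with whatever payload that block maps to. The diff does not show whether that endpoint accepts the field or whether it belongs on the parent permissions payload, and a field the endpoint does not accept would not turn the control on, so check this against GitHub's REST reference. The Description also does not say what an omitted attribute means; add a sentence such as `Leaving it unset does not change the current setting.` or `Defaults to false.`, whichever the implementation ends up doing. The `@@ -50,6 +50,11 @@` hunk of resource_github_actions_repository_permissions.go adds the same attribute, and the schema function's body continues outside both hunks.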
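Review bot: The `ok` in `if v, ok := data["sha_pinning_required"]; ok` probably cannot tell an omitted attribute from an explicit `false`. This assumes `data` is the map the plugin SDK builds for the nested block, which holds every schema key with its zero value; the construction of `data` is outside the hunk. If so, a configuration that never mentions the attribute sends `false` and can switch off a SHA-pinning requirement that was enabled outside Terraform, weakening a supply-chain control with no change visible in the config. Set the field only when it is present in the raw configuration, or mark the schema attribute `Computed: true` so an unset value keeps what the API reports. The `@@ -85,6 +90,10 @@` hunk of resource_github_actions_repository_permissions.go has the same code.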
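Review bot: The read path calls `actionsAllowed.GetShaPinningRequired()` while the write path in the previous hunk assigns `allowed.SHAPinningRequired`, and both values appear to be the same library type. go-github derives accessor names from the field name, so a field spelled `SHAPinningRequired` would normally have the getter `GetSHAPinningRequired()`, and one of the two spellings likely does not compile. The library type is not on the page, so check it and use the matching name, e.g. `"sha_pinning_required": actionsAllowed.GetSHAPinningRequired(),`. The `@@ -189,6 +198,7 @@` hunk of resource_github_actions_repository_permissions.go makes the same call, and the enclosing function starts outside both hunks.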
@@ -46,6 +46,7 @@ func TestAccGithubActionsOrganizationPermissions(t *testing.T) {
 enabledRepositories := "selected"
 githubOwnedAllowed := true
 verifiedAllowed := true
+ shaPinningRequired := true
 randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
 config := fmt.Sprintf(`
@@ -62,12 +63,13 @@ func TestAccGithubActionsOrganizationPermissions(t *testing.T) {
 github_owned_allowed = %t
 patterns_allowed = ["actions/cache@*", "actions/checkout@*"]
 verified_allowed = %t
+ sha_pinning_required = %t
 }
 enabled_repositories_config {
 repository_ids = [github_repository.test.repo_id]
 }
 }
- `, randomID, allowedActions, enabledRepositories, githubOwnedAllowed, verifiedAllowed)
+ `, randomID, allowedActions, enabledRepositories, githubOwnedAllowed, verifiedAllowed, shaPinningRequired)
 check := resource.ComposeTestCheckFunc(
 resource.TestCheckResourceAttr(
diff --git a/github/resource_github_actions_repository_permissions.go b/github/resource_github_actions_repository_permissions.go
index 2c45a62d36..ff25a0042d 100644
--- a/github/resource_github_actions_repository_permissions.go
+++ b/github/resource_github_actions_repository_permissions.go
@@ -50,6 +50,11 @@ func resourceGithubActionsRepositoryPermissions() *schema.Resource {
 Optional: true,
 Description: "Whether actions in GitHub Marketplace from verified creators are allowed. Set to 'true' to allow all GitHub Marketplace actions by verified creators.",
 },
+ "sha_pinning_required": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: "Whether pinning to a specific SHA is required for all actions and reusable workflows in a repository.",
+ },
 },
 },
 },
@@ -85,6 +90,10 @@ func resourceGithubActionsRepositoryAllowedObject(d *schema.ResourceData) *githu
 allowed.VerifiedAllowed = &x
 }
+ if v, ok := data["sha_pinning_required"]; ok {
+ allowed.SHAPinningRequired = github.Ptr(v.(bool))
+ }
+
 patternsAllowed := []string{}
 switch t := data["patterns_allowed"].(type) {
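Review bot: The `@@ -62,12 +63,13 @@` hunk feeds `sha_pinning_required = %t` into the test config, but no assertion on the new attribute is visible. The `resource.ComposeTestCheckFunc(` list begins on the last lines of the hunk and continues outside it, so check there and add one if it is missing, e.g. `resource.TestCheckResourceAttr(<resource address>, "<block>.0.sha_pinning_required", "true"),` with the real address and block name filled in. Only `true` is exercised; a second step with the attribute omitted would pin down whether an unset value leaves an existing pinning requirement in place, which is the case that matters for this control. The `@@ -63,10 +64,11 @@` hunk of resource_github_actions_repository_permissions_test.go has the same gap.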
@@ -189,6 +198,7 @@ func resourceGithubActionsRepositoryPermissionsRead(d *schema.ResourceData, meta
 "github_owned_allowed": actionsAllowed.GetGithubOwnedAllowed(),
 "patterns_allowed": actionsAllowed.PatternsAllowed,
 "verified_allowed": actionsAllowed.GetVerifiedAllowed(),
+ "sha_pinning_required": actionsAllowed.GetShaPinningRequired(),
 },
 }); err != nil {
 return err
diff --git a/github/resource_github_actions_repository_permissions_test.go b/github/resource_github_actions_repository_permissions_test.go
index 9ab8191ca2..72d7c9bb42 100644
--- a/github/resource_github_actions_repository_permissions_test.go
+++ b/github/resource_github_actions_repository_permissions_test.go
@@ -48,6 +48,7 @@ func TestAccGithubActionsRepositoryPermissions(t *testing.T) {
 allowedActions := "selected"
 githubOwnedAllowed := true
 verifiedAllowed := true
+ shaPinningRequired := true
 randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
 config := fmt.Sprintf(`
@@ -63,10 +64,11 @@ func TestAccGithubActionsRepositoryPermissions(t *testing.T) {
 github_owned_allowed = %t
 patterns_allowed = ["actions/cache@*", "actions/checkout@*"]
 verified_allowed = %t
+ sha_pinning_required = %t
 }
 repository = github_repository.test.name
 }
- `, randomID, allowedActions, githubOwnedAllowed, verifiedAllowed)
+ `, randomID, allowedActions, githubOwnedAllowed, verifiedAllowed, shaPinningRequired)
 check := resource.ComposeTestCheckFunc(
 resource.TestCheckResourceAttr(