diff --git a/docs/usage-guide/topics/ch06-security-policies.md b/docs/usage-guide/topics/ch06-security-policies.md
index b6a9f1fb941..2e7e6bf2287 100644
--- a/docs/usage-guide/topics/ch06-security-policies.md
+++ b/docs/usage-guide/topics/ch06-security-policies.md
@@ -30,6 +30,7 @@ The following chart maps the security policy version to protocol version and cip
 |    default    |        |        |    X   |        |    X    |    X    |            |      |     |     |   X   |        |
 | default_fips  |        |        |    X   |        |    X    |    X    |            |      |     |     |   X   |        |
 | default_tls13 |        |        |    X   |    X   |    X    |    X    |      X     |      |     |     |   X   |        |
+|   20250422    |        |        |        |    X   |         |    X    |            |      |     |     |   X   |        |
 |   20240501    |        |        |    X   |        |    X    |    X    |            |      |     |     |   X   |        |
 |   20240502    |        |        |    X   |        |    X    |    X    |            |      |     |     |   X   |        |
 |   20240503    |        |        |    X   |    X   |    X    |    X    |            |      |     |     |   X   |        |
@@ -63,7 +64,7 @@ In contrast, numbered or dated versions are fixed and will never change. The num
 * "default_tls13": "20240503"
 For previous defaults, see the "Default Policy History" section below.
 
-"default_fips" does not currently support TLS1.3. If you need a policy that supports both FIPS and TLS1.3, choose "20230317". We plan to add TLS1.3 support to both "default" and "default_fips" in the future.
+"default_fips" does not currently support TLS1.3. If you need a policy that supports both FIPS and TLS1.3, choose "20250422". We plan to add TLS1.3 support to both "default" and "default_fips" in the future.
 
 "rfc9151" is derived from [Commercial National Security Algorithm (CNSA) Suite Profile for TLS and DTLS 1.2 and 1.3](https://datatracker.ietf.org/doc/html/rfc9151). This policy restricts the algorithms allowed for signatures on certificates in the certificate chain to RSA or ECDSA with sha384, which may require you to update your certificates.
 Like the default policies, this policy may also change if the source RFC definition changes.
@@ -88,6 +89,7 @@ s2n-tls usually prefers AES over ChaCha20. However, some clients-- particularly
 |    default    |     X     |   X   |              |    X    |
 | default_fips  |     X     |   X   |              |    X    |
 | default_tls13 |     X     |   X   |              |    X    |
+|   20250422    |     X     |   X   |              |    X    |
 |   20240501    |     X     |   X   |              |    X    |
 |   20240502    |     X     |   X   |              |    X    |
 |   20240503    |     X     |   X   |              |    X    |
@@ -123,6 +125,7 @@ s2n-tls usually prefers AES over ChaCha20. However, some clients-- particularly
 |    default    |     X     |     X     |    X   |
 | default_fips  |     X     |     X     |        |
 | default_tls13 |     X     |     X     |    X   |
+|   20250422    |     X     |     X     |        |
 |   20240501    |     X     |     X     |    X   |
 |   20240502    |     X     |     X     |        |
 |   20240503    |     X     |     X     |    X   |
diff --git a/tls/s2n_cipher_preferences.c b/tls/s2n_cipher_preferences.c
index 43ee1dfe695..d9063c38190 100644
--- a/tls/s2n_cipher_preferences.c
+++ b/tls/s2n_cipher_preferences.c
@@ -327,6 +327,32 @@ const struct s2n_cipher_preferences cipher_preferences_20240331 = {
     .allow_chacha20_boosting = false,
 };
 
+/*
+ * TLS1.3 support.
+ * FIPS compliant.
+ * No DHE (would require extra setup with s2n_config_add_dhparams)
+ * No CBC ciphers
+ */
+struct s2n_cipher_suite *cipher_suites_20250422[] = {
+    /* TLS1.2 with ECDSA */
+    &s2n_ecdhe_ecdsa_with_aes_128_gcm_sha256,
+    &s2n_ecdhe_ecdsa_with_aes_256_gcm_sha384,
+
+    /* TLS1.2 with RSA */
+    &s2n_ecdhe_rsa_with_aes_128_gcm_sha256,
+    &s2n_ecdhe_rsa_with_aes_256_gcm_sha384,
+
+    /* TLS1.3 */
+    &s2n_tls13_aes_128_gcm_sha256,
+    &s2n_tls13_aes_256_gcm_sha384,
+};
+
+const struct s2n_cipher_preferences cipher_preferences_20250422 = {
+    .count = s2n_array_len(cipher_suites_20250422),
+    .suites = cipher_suites_20250422,
+    .allow_chacha20_boosting = false,
+};
+
 /* Same as 20160411, but with ChaCha20 added as 1st in Preference List */
 struct s2n_cipher_suite *cipher_suites_20190122[] = {
     &s2n_ecdhe_rsa_with_chacha20_poly1305_sha256,
diff --git a/tls/s2n_cipher_preferences.h b/tls/s2n_cipher_preferences.h
index c8b75f03abe..08f80e333b9 100644
--- a/tls/s2n_cipher_preferences.h
+++ b/tls/s2n_cipher_preferences.h
@@ -29,6 +29,7 @@ struct s2n_cipher_preferences {
 
 extern const struct s2n_cipher_preferences cipher_preferences_20230317;
 extern const struct s2n_cipher_preferences cipher_preferences_20240331;
+extern const struct s2n_cipher_preferences cipher_preferences_20250422;
 extern const struct s2n_cipher_preferences cipher_preferences_20140601;
 extern const struct s2n_cipher_preferences cipher_preferences_20141001;
 extern const struct s2n_cipher_preferences cipher_preferences_20150202;
diff --git a/tls/s2n_security_policies.c b/tls/s2n_security_policies.c
index 92c53aeef28..5b9dc8f91df 100644
--- a/tls/s2n_security_policies.c
+++ b/tls/s2n_security_policies.c
@@ -46,6 +46,19 @@ const struct s2n_security_policy security_policy_20240502 = {
     },
 };
 
+const struct s2n_security_policy security_policy_20250416 = {
+    .minimum_protocol_version = S2N_TLS12,
+    .cipher_preferences = &cipher_preferences_20250422,
+    .kem_preferences = &kem_preferences_null,
+    .signature_preferences = &s2n_signature_preferences_20240501,
+    .certificate_signature_preferences = &s2n_certificate_signature_preferences_20201110,
+    .ecc_preferences = &s2n_ecc_preferences_20201021,
+    .rules = {
+            [S2N_PERFECT_FORWARD_SECRECY] = true,
+            [S2N_FIPS_140_3] = true,
+    },
+};
+
 /* TLS1.3 default as of 05/24 */
 const struct s2n_security_policy security_policy_20240503 = {
     .minimum_protocol_version = S2N_TLS12,
@@ -1270,6 +1283,7 @@ struct s2n_security_policy_selection security_policy_selection[] = {
     { .version = "default_tls13", .security_policy = &security_policy_20240503, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
     { .version = "default_fips", .security_policy = &security_policy_20240502, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
     { .version = "default_pq", .security_policy = &security_policy_20250512, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
+    { .version = "20250416", .security_policy = &security_policy_20250416, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
     { .version = "20241106", .security_policy = &security_policy_20241106, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
     { .version = "20240501", .security_policy = &security_policy_20240501, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
     { .version = "20240502", .security_policy = &security_policy_20240502, .ecc_extension_required = 0, .pq_kem_extension_required = 0 },
diff --git a/tls/s2n_security_policies.h b/tls/s2n_security_policies.h
index b837e95ac5a..caca706f071 100644
--- a/tls/s2n_security_policies.h
+++ b/tls/s2n_security_policies.h
@@ -101,6 +101,7 @@ extern const struct s2n_security_policy security_policy_20240501;
 extern const struct s2n_security_policy security_policy_20240502;
 extern const struct s2n_security_policy security_policy_20240503;
 
+extern const struct s2n_security_policy security_policy_20250416;
 extern const struct s2n_security_policy security_policy_20241106;
 extern const struct s2n_security_policy security_policy_20140601;
 extern const struct s2n_security_policy security_policy_20141001;