diff --git a/environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf b/environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf
index 6e52a3aed..dc1c05b3b 100644
--- a/environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf
+++ b/environments/skeleton/{{cookiecutter.environment}}/tofu/control.tf
@@ -14,8 +14,8 @@ resource "openstack_networking_port_v2" "control" {
 subnet_id = data.openstack_networking_subnet_v2.cluster_subnet[each.key].id
 }
- port_security_enabled = lookup(each.value, "port_security_enabled", null)
- security_group_ids = lookup(each.value, "port_security_enabled", null) != false ? [for o in data.openstack_networking_secgroup_v2.nonlogin: o.id] : []
+ no_security_groups = lookup(each.value, "no_security_groups", false)
+ security_group_ids = lookup(each.value, "no_security_groups", false) ? [] : [for o in data.openstack_networking_secgroup_v2.nonlogin: o.id]
 binding {
 vnic_type = lookup(var.vnic_types, each.key, "normal")
diff --git a/environments/skeleton/{{cookiecutter.environment}}/tofu/node_group/nodes.tf b/environments/skeleton/{{cookiecutter.environment}}/tofu/node_group/nodes.tf
index 426689bb9..f5d3424e6 100644
--- a/environments/skeleton/{{cookiecutter.environment}}/tofu/node_group/nodes.tf
+++ b/environments/skeleton/{{cookiecutter.environment}}/tofu/node_group/nodes.tf
@@ -44,9 +44,9 @@ resource "openstack_networking_port_v2" "compute" {
 fixed_ip {
 subnet_id = data.openstack_networking_subnet_v2.subnet[each.value.network].id
 }
-
- port_security_enabled = lookup(each.value, "port_security_enabled", null)
- security_group_ids = lookup(each.value, "port_security_enabled", null) != false ? var.security_group_ids : []
+
+ no_security_groups = lookup(each.value, "no_security_groups", false)
+ security_group_ids = lookup(each.value, "no_security_groups", false) ? [] : var.security_group_ids
 binding {
 vnic_type = lookup(var.vnic_types, each.value.network, "normal")
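Review bot: With `no_security_groups = true` the control port in control.tf is created with an empty `security_group_ids` list, and because `port_security_enabled` is no longer set on the port, whether it ends up unfiltered or fully blocked is, as far as I can tell, left to the network's own port-security setting, which nothing in this hunk shows. The same pair of lines is added to the compute port in node_group/nodes.tf, so the point applies there too. A comment above the two attributes would make the dependency explicit, for example `# no_security_groups = true: the port carries no groups and inherits the network's port-security setting; filtering must then come from the network or the host`. Both resource blocks start and end outside their hunks, so other attributes that might affect this are not visible.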
diff --git a/environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf b/environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf
index bbcef8734..73c872feb 100644
--- a/environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf
+++ b/environments/skeleton/{{cookiecutter.environment}}/tofu/variables.tf
@@ -15,7 +15,7 @@ variable "cluster_networks" {
 List of mappings defining networks. Mapping key/values:
 network: Required. Name of existing network
 subnet: Required. Name of existing subnet
- port_security_enabled: Optional. Bool, default null (for networks not owned by project)
+ no_security_groups: Optional. Bool (default: false). Disable security groups
 EOT
 }
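Review bot: The new description line drops `port_security_enabled` without saying that the key is no longer read, and "Disable security groups" does not tell an operator what is left protecting the port. Judging by the `lookup(each.value, "no_security_groups", false)` calls in control.tf and node_group/nodes.tf, an environment that still sets `port_security_enabled = false` would have that key ignored and get the security groups attached, with no plan-time error to flag the change. I would word the line as `no_security_groups: Optional. Bool (default: false). Attach no security groups to ports on this network. Replaces port_security_enabled, which is no longer read.` The variable block starts above the hunk, so whether its type would allow a `validation` rule rejecting the old key cannot be judged from here.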