diff --git a/Doc/using/configure.rst b/Doc/using/configure.rst index 8eaba84e159a40..488ff2fe8baa6e 100644 --- a/Doc/using/configure.rst +++ b/Doc/using/configure.rst @@ -907,6 +907,16 @@ Security Options The settings ``python`` and *STRING* also set TLS 1.2 as minimum protocol version. +.. option:: --disable-openssf-guide=[yes|no|default=yes] + + Disable compiler options that are recommended by `OpenSSF`_ for security reasons. + If this option is not enabled, CPython will be build based on the `OpenSSF`_ compiler option guides. + + .. _OpenSSF: https://openssf.org/ + + .. versionadded:: 3.14 + + macOS Options ------------- diff --git a/Misc/NEWS.d/next/Build/2024-07-19-10-14-31.gh-issue-121996.IEb2sz.rst b/Misc/NEWS.d/next/Build/2024-07-19-10-14-31.gh-issue-121996.IEb2sz.rst new file mode 100644 index 00000000000000..25b3287da58709 --- /dev/null +++ b/Misc/NEWS.d/next/Build/2024-07-19-10-14-31.gh-issue-121996.IEb2sz.rst @@ -0,0 +1 @@ +Introduce ./configure --disable-openssf-guide option. Patch by Donghee Na. diff --git a/configure b/configure index 36f4bf7c05f7f3..019f2db04bc21c 100755 --- a/configure +++ b/configure @@ -1092,6 +1092,7 @@ enable_optimizations with_lto enable_bolt with_strict_overflow +enable_openssf_guide with_dsymutil with_address_sanitizer with_memory_sanitizer @@ -1824,6 +1825,8 @@ Optional Features: (default is no) --enable-bolt enable usage of the llvm-bolt post-link optimizer (default is no) + --disable-openssf-guide disable usage of the security compiler options + (default is no) --enable-loadable-sqlite-extensions support loadable extensions in the sqlite3 module, see Doc/library/sqlite3.rst (default is no) 
@@ -9613,7 +9616,28 @@ fi
 # Enable flags that warn and protect for potential security vulnerabilities.
 # These flags should be enabled by default for all builds.
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-strong" >&5
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for --disable-openssf-guide" >&5
+printf %s "checking for --disable-openssf-guide... " >&6; }
+# Check whether --enable-openssf_guide was given.
+if test ${enable_openssf_guide+y}
+then :
+ enableval=$enable_openssf_guide; if test "x$enable_openssf_guide" = xyes
+then :
+ disable_openssf_guide=no
+else $as_nop
+ disable_openssf_guide=yes
+fi
+else $as_nop
+ disable_openssf_guide=no
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $disable_openssf_guide" >&5
+printf "%s\n" "$disable_openssf_guide" >&6; }
+
+if test "$disable_openssf_guide" = "no"
+then
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-strong" >&5
 printf %s "checking whether C compiler accepts -fstack-protector-strong... " >&6; }
 if test ${ax_cv_check_cflags__Werror__fstack_protector_strong+y}
 then :
@@ -9652,7 +9676,7 @@ else $as_nop
 printf "%s\n" "$as_me: WARNING: -fstack-protector-strong not supported" >&2;}
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wtrampolines" >&5
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wtrampolines" >&5
 printf %s "checking whether C compiler accepts -Wtrampolines... " >&6; }
 if test ${ax_cv_check_cflags__Werror__Wtrampolines+y}
 then :
@@ -9691,7 +9715,7 @@ else $as_nop
 printf "%s\n" "$as_me: WARNING: -Wtrampolines not supported" >&2;}
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_FORTIFY_SOURCE=3" >&5
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -D_FORTIFY_SOURCE=3" >&5
 printf %s "checking whether C compiler accepts -D_FORTIFY_SOURCE=3... " >&6; }
 if test ${ax_cv_check_cflags___D_FORTIFY_SOURCE_3+y}
 then :
@@ -9730,6 +9754,7 @@ else $as_nop
 printf "%s\n" "$as_me: WARNING: -D_FORTIFY_SOURCE=3 not supported" >&2;}
 fi
+fi
 case $GCC in
 yes)
diff --git a/configure.ac b/configure.ac
index 5873002039886a..930bf7b1ef8398 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2458,9 +2458,19 @@ AS_VAR_IF([with_strict_overflow], [yes],
 # Enable flags that warn and protect for potential security vulnerabilities.
 # These flags should be enabled by default for all builds.
-AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [BASECFLAGS="$BASECFLAGS -fstack-protector-strong"], [AC_MSG_WARN([-fstack-protector-strong not supported])], [-Werror])
-AX_CHECK_COMPILE_FLAG([-Wtrampolines], [BASECFLAGS="$BASECFLAGS -Wtrampolines"], [AC_MSG_WARN([-Wtrampolines not supported])], [-Werror])
-AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])])
+
+AC_MSG_CHECKING([for --disable-openssf-guide])
+AC_ARG_ENABLE([openssf_guide],
+ [AS_HELP_STRING([--disable-openssf-guide], [disable usage of the security compiler options (default is no)])],
+ [AS_VAR_IF([enable_openssf_guide], [yes], [disable_openssf_guide=no], [disable_openssf_guide=yes])], [disable_openssf_guide=no])
+AC_MSG_RESULT([$disable_openssf_guide])
+
+if test "$disable_openssf_guide" = "no"
+then
+ AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [BASECFLAGS="$BASECFLAGS -fstack-protector-strong"], [AC_MSG_WARN([-fstack-protector-strong not supported])], [-Werror])
+ AX_CHECK_COMPILE_FLAG([-Wtrampolines], [BASECFLAGS="$BASECFLAGS -Wtrampolines"], [AC_MSG_WARN([-Wtrampolines not supported])], [-Werror])
+ AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])])
+fi
 case $GCC in
 yes)
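Review bot: The help string in the new `AC_ARG_ENABLE` block says `(default is no)` for a `--disable-` option, which does not tell the reader whether the hardening flags are on by default; the not-given branch sets `disable_openssf_guide=no`, so they are on, while the rst hunk in the first file documents the same option as `default=yes` and the generated `configure` help text in that file carries the same wording. Rewording the string removes the ambiguity, e.g. `[AS_HELP_STRING([--disable-openssf-guide], [do not add the OpenSSF-recommended hardening compiler flags (default is to add them)])]`, with the rst signature aligned to it. When the option is given, the only trace in the configure output is `result: yes`; an `else` branch with `AC_MSG_WARN([OpenSSF hardening flags (-fstack-protector-strong, -Wtrampolines, -D_FORTIFY_SOURCE=3) disabled])` would make the weakened build visible in the log, which is what someone auditing the resulting binary later will look for. Note also that `AS_VAR_IF([enable_openssf_guide], [yes], ...)` treats any value other than `yes` as a request to disable, so `--enable-openssf-guide=auto` silently turns the flags off; if that is not intended, reject unexpected values with `AC_MSG_ERROR`. A plain `if test ... then` is used where the surrounding code (the `AS_VAR_IF([with_strict_overflow], [yes],` in the hunk header) uses `AS_VAR_IF`; `AS_VAR_IF([disable_openssf_guide], [no], [...])` would keep the style consistent.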