diff --git a/release/models/macsec/openconfig-macsec.yang b/release/models/macsec/openconfig-macsec.yang
index 53f0eac9bd..bd703a9be0 100644
--- a/release/models/macsec/openconfig-macsec.yang
+++ b/release/models/macsec/openconfig-macsec.yang
@@ -18,11 +18,18 @@ module openconfig-macsec {
     "This module defines configuration and state data for
      MACsec IEEE Std 802.1AE-2018.";
 
-  oc-ext:openconfig-version "1.2.0";
+  oc-ext:openconfig-version "1.3.0";
   oc-ext:regexp-posix;
   oc-ext:catalog-organization "openconfig";
   oc-ext:origin "openconfig";
 
+  revision "2026-01-26" {
+    description
+      "Add interface status and security-policy leaf with should-secure and
+      must-secure enum.";
+    reference "1.3.0";
+  }
+
   revision "2025-01-02" {
     description
       "Add include-sci to allow enable/disable of secure channel
@@ -233,6 +240,8 @@ revision "2023-06-08" {
     description
       "MKA interface state grouping";
 
+    uses macsec-session-status;
+
     container counters {
       description
         "MKA interface counters";
@@ -294,6 +303,30 @@ revision "2023-06-08" {
     }
   }
 
+  grouping macsec-session-status {
+    description
+      "Media Access Control Security (MACsec) status grouping";
+
+    leaf status {
+      description
+        "Status of MACsec on an interface.";
+
+      type enumeration {
+        enum ACTIVE {
+          description  "MACSec is operational and encrypting/decrypting frames
+          on the interface.";
+        }
+        enum INACTIVE {
+          description  "MACSec is disabled on the interface.";
+        }
+        enum PENDING {
+          description  "MACSec is enabled, but the secure channel and
+          association are not yet established.";
+        }
+      }
+    }
+  }
+
   grouping macsec-scsa-tx-interface-state {
     description
       "State leaves assigned with the TX Secure Channel and Secure
@@ -564,6 +597,7 @@ revision "2023-06-08" {
             "Operational state data ";
 
           uses macsec-interface-config;
+          uses macsec-session-status;
 
           container counters {
             description
@@ -657,6 +691,22 @@ revision "2023-06-08" {
         "Rekey on peer loss";
     }
 
+    leaf security-policy {
+        type enumeration {
+          enum SHOULD_SECURE {
+            description  "Encrypted and un-encrypted frames will be
+            processed.";
+          }
+          enum MUST_SECURE {
+            description  "Only encrypted frames will be processed.
+            Unencrypted frames will be dropped.";
+          }
+        }
+      description
+      "List of options for how to handle unencrypted frames on an interface configured
+      to use MACSec.";
+    }
+
     leaf use-updated-eth-header {
       type boolean;
       default "false";