diff --git a/WHATSNEW.md b/WHATSNEW.md
index 76f8baf6..53dc54cb 100644
--- a/WHATSNEW.md
+++ b/WHATSNEW.md
@@ -10,6 +10,23 @@ This document attempts to track **major** changes and additions in ENiGMA½. For
 + `oputil.js user 2fa USERNAME TYPE` enables 2-factor authentication for a user.
 * `oputil.js user info USERNAME --security` can now display additional security information such as 2FA/OTP.
 * `oputil.js fb scan --quick` is now the default. Override with `--full-scan`.
+* ACS checks can now be applied to form actions. For example:
+```hjson
+{
+    value: { command: "SEC" }
+    action: [
+        {
+            //  secure connections can go here
+            acs: SC
+            action: @menu:securityMenu
+        }
+        {
+            //  non-secure connections
+            action: @menu:secureConnectionRequired
+        }
+    ]
+}
+```
 
 ## 0.0.9-alpha
 * Development is now against Node.js 10.x LTS. While other Node.js series may continue to work, you're own your own and YMMV!
diff --git a/core/menu_util.js b/core/menu_util.js
index c05f90d9..18b17d9f 100644
--- a/core/menu_util.js
+++ b/core/menu_util.js
@@ -172,7 +172,8 @@ function handleAction(client, formData, conf, cb) {
         return cb(Errors.MissingParam('Missing config'));
     }
 
-    const actionAsset = asset.parseAsset(conf.action);
+    const action = client.acs.getConditionalValue(conf.action, 'action');    //  handle any conditionals
+    const actionAsset = asset.parseAsset(action);
     if(!_.isObject(actionAsset)) {
         return cb(Errors.Invalid('Unable to parse "conf.action"'));
     }