diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4cd6065180..51176357da 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,8 @@ All notable changes to this project will be documented in this file based on the
 * Improved the definitions for `event.category` and `event.action`. #242
 * Clarify the semantics of `network.direction`. #212
 * Add `source.bytes`, `source.packets`, `destination.bytes` and `destination.packets`. #179
+* Add a readme section to declare some top level field sets are reserved for
+  future use. #257
 
 ### Deprecated
 
diff --git a/README.md b/README.md
index 99f9938d04..5d4324d423 100644
--- a/README.md
+++ b/README.md
@@ -526,6 +526,16 @@ Contributions of additional uses cases on top of ECS are welcome.
 
 
 
+# <a name="reserved-names"></a>Reserved Section Names
+
+ECS does not define the following field sets yet, but the following are expected
+in the future. Please avoid using them:
+
+- `match.*`
+- `protocol.*`
+- `threat.*`
+- `vulnerability.*`
+
 # <a name="implementing-ecs"></a>Implementing ECS
 
 ## Guidelines
diff --git a/docs/implementing.md b/docs/implementing.md
index b797666b04..d3bc92d204 100644
--- a/docs/implementing.md
+++ b/docs/implementing.md
@@ -1,3 +1,13 @@
+# <a name="reserved-names"></a>Reserved Section Names
+
+ECS does not define the following field sets yet, but the following are expected
+in the future. Please avoid using them:
+
+- `match.*`
+- `protocol.*`
+- `threat.*`
+- `vulnerability.*`
+
 # <a name="implementing-ecs"></a>Implementing ECS
 
 ## Guidelines