With cloud computing and the evolution towards 5G, dynamic, self-provisioned and flexible service architectures will become even more prominent. Instead of deploying a service and its component on a single platform, components may be spread out to run at the mobile edge. At the same time, mobile edge computing requires that services move around with their consumers. In this highly dynamic service deployment scenario, it is important to maintain technology-agnostic service descriptions. In addition, these service descriptions must carry their associated security policies with them to be able to decide whether resources are usable when upscaling or moving a service. To this end, we illustrate the definition of security policies in the technology-agnostic TOSCA service specification language. Our goal is to initiate the development of a security policy catalog for NFV services and the implementation of the necessary software tools for their enforcement.