diff --git a/.github/files/required-review.yaml b/.github/files/required-review.yaml
index 62cbae45f7cb..cf7b6fc60496 100644
--- a/.github/files/required-review.yaml
+++ b/.github/files/required-review.yaml
@@ -16,11 +16,12 @@
   teams:
    # Unfortunately this list need to be maintaned manually...
    # yamato-backup-and-security is the group that consists of both yamato-scan and yamato-backup teams.
-   - jetpack-approvers
-   - yamato-backup-and-security
+   - avengers
    - heart-of-gold
+   - jetpack-approvers
    - jetpack-reach
    - red
+   - yamato-backup-and-security
 
 # Jetpack Approvers review the Jetpack plugin and all packages, except for those with specific team ownership.
 - name: Jetpack and packages
@@ -41,6 +42,19 @@
   teams:
    - jetpack-approvers
 
+
+# The Scan team reviews changes to the protect plugin, the WAF package, etc,
+# and can add dependencies to the monorepo's lock file.
+- name: CRM
+  paths:
+    - 'projects/plugins/crm/**'
+    - '!projects/plugins/*/composer.lock'
+    - '!projects/plugins/*/composer.json'
+    - '!projects/plugins/*/changelog/*'
+  teams:
+    - avengers
+    - jetpack-approvers
+
 # The Backup team reviews changes to the VaultPress and Backup plugin,
 # and can add dependencies to the monorepo's lock file.
 - name: VaultPress & Backup