diff --git a/common/istio-1-22/istio-install/base/kustomization.yaml b/common/istio-1-22/istio-install/base/kustomization.yaml
index da19a0353e..fdb6319b10 100644
--- a/common/istio-1-22/istio-install/base/kustomization.yaml
+++ b/common/istio-1-22/istio-install/base/kustomization.yaml
@@ -16,3 +16,5 @@ patches:
 - path: patches/disable-debugging.yaml
 - path: patches/istio-ingressgateway-remove-pdb.yaml
 - path: patches/istiod-remove-pdb.yaml
+- path: patches/seccomp-istio-ingressgateway.yaml
+- path: patches/seccomp-istiod.yaml
diff --git a/common/istio-1-22/istio-install/base/patches/seccomp-istio-ingressgateway.yaml b/common/istio-1-22/istio-install/base/patches/seccomp-istio-ingressgateway.yaml
new file mode 100644
index 0000000000..f8825a0263
--- /dev/null
+++ b/common/istio-1-22/istio-install/base/patches/seccomp-istio-ingressgateway.yaml
@@ -0,0 +1,16 @@
+# Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited.
+# According to https://kubernetes.io/docs/concepts/security/pod-security-standards/#:~:text=undefined/null-,Seccomp%20(v1.19%2B),-Seccomp%20profile%20must
+# This is done to enable 'restricted' level security standards for the pods.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: istio-ingressgateway
+ namespace: istio-system
+spec:
+ template:
+ spec:
+ containers:
+ - name: istio-proxy
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/common/istio-1-22/istio-install/base/patches/seccomp-istiod.yaml b/common/istio-1-22/istio-install/base/patches/seccomp-istiod.yaml
new file mode 100644
index 0000000000..3174889f85
--- /dev/null
+++ b/common/istio-1-22/istio-install/base/patches/seccomp-istiod.yaml
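Review bot: The seccomp profile is set only on the `istio-proxy` container entry (`spec.template.spec.containers[name=istio-proxy]`), so any other container the rendered Deployment ends up carrying — an init container, or a sidecar added by a later overlay — still has no profile and would fail the seccomp check of the `restricted` profile that the header comment cites. The pod-level field covers every container in one place: put `securityContext:` / `seccompProfile:` / `type: RuntimeDefault` under `spec.template.spec` instead of (or in addition to) the container entry; an individual container can still override it. The header comment also says this "enables" the `restricted` level, but seccomp is only one of that profile's controls (the standard additionally covers privilege escalation, dropped capabilities and running as non-root), so either confirm the rendered Deployments already satisfy the rest or narrow the comment to "satisfies the seccomp control of the restricted profile". The same applies to `patches/seccomp-istiod.yaml` below and to both copies under `common/istio-cni-1-22/istio-install/base/patches/`.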
@@ -0,0 +1,16 @@
+# Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited.
+# According to https://kubernetes.io/docs/concepts/security/pod-security-standards/#:~:text=undefined/null-,Seccomp%20(v1.19%2B),-Seccomp%20profile%20must
+# This is done to enable 'restricted' level security standards for the pods.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: istiod
+ namespace: istio-system
+spec:
+ template:
+ spec:
+ containers:
+ - name: discovery
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/common/istio-cni-1-22/istio-install/base/kustomization.yaml b/common/istio-cni-1-22/istio-install/base/kustomization.yaml
index 79d1fe5817..c3d6f9e06f 100644
--- a/common/istio-cni-1-22/istio-install/base/kustomization.yaml
+++ b/common/istio-cni-1-22/istio-install/base/kustomization.yaml
@@ -14,3 +14,5 @@ patches:
 - path: patches/disable-debugging.yaml
 - path: patches/istio-ingressgateway-remove-pdb.yaml
 - path: patches/istiod-remove-pdb.yaml
+- path: patches/seccomp-istio-ingressgateway.yaml
+- path: patches/seccomp-istiod.yaml
diff --git a/common/istio-cni-1-22/istio-install/base/patches/seccomp-istio-ingressgateway.yaml b/common/istio-cni-1-22/istio-install/base/patches/seccomp-istio-ingressgateway.yaml
new file mode 100644
index 0000000000..f8825a0263
--- /dev/null
+++ b/common/istio-cni-1-22/istio-install/base/patches/seccomp-istio-ingressgateway.yaml
@@ -0,0 +1,16 @@
+# Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited.
+# According to https://kubernetes.io/docs/concepts/security/pod-security-standards/#:~:text=undefined/null-,Seccomp%20(v1.19%2B),-Seccomp%20profile%20must
+# This is done to enable 'restricted' level security standards for the pods.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: istio-ingressgateway
+ namespace: istio-system
+spec:
+ template:
+ spec:
+ containers:
+ - name: istio-proxy
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/common/istio-cni-1-22/istio-install/base/patches/seccomp-istiod.yaml b/common/istio-cni-1-22/istio-install/base/patches/seccomp-istiod.yaml
new file mode 100644
index 0000000000..3174889f85
--- /dev/null
+++ b/common/istio-cni-1-22/istio-install/base/patches/seccomp-istiod.yaml
@@ -0,0 +1,16 @@
+# Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited.
+# According to https://kubernetes.io/docs/concepts/security/pod-security-standards/#:~:text=undefined/null-,Seccomp%20(v1.19%2B),-Seccomp%20profile%20must
+# This is done to enable 'restricted' level security standards for the pods.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: istiod
+ namespace: istio-system
+spec:
+ template:
+ spec:
+ containers:
+ - name: discovery
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/contrib/security/PSS/static/baseline/kustomization.yaml b/contrib/security/PSS/static/baseline/kustomization.yaml
index 3eea89f2c3..ec133f809c 100644
--- a/contrib/security/PSS/static/baseline/kustomization.yaml
+++ b/contrib/security/PSS/static/baseline/kustomization.yaml
@@ -6,4 +6,4 @@ patches:
 - path: patches/istio-labels.yaml
 - path: patches/cert-manager-labels.yaml
 - path: patches/dex-labels.yaml
-- path: patches/oauth2-proxy-labels.yaml
+- path: patches/oauth2-proxy-labels.yaml
\ No newline at end of file