diff --git a/drivers/storage/portworx/component/securitycontextconstraints.go b/drivers/storage/portworx/component/securitycontextconstraints.go
index b01735227..0b8a2e2d5 100644
--- a/drivers/storage/portworx/component/securitycontextconstraints.go
+++ b/drivers/storage/portworx/component/securitycontextconstraints.go
@@ -191,11 +191,11 @@ func (s *scc) getSCCs(cluster *opcorev1.StorageCluster) []ocp_secv1.SecurityCont
 Name: PxSCCName,
 },
 AllowHostDirVolumePlugin: true,
- AllowHostIPC: true,
+ AllowHostIPC: false,
 AllowHostNetwork: true,
- AllowHostPID: true,
- AllowHostPorts: true,
- AllowPrivilegeEscalation: boolPtr(true),
+ AllowHostPID: false,
+ AllowHostPorts: false,
+ AllowPrivilegeEscalation: boolPtr(false),
 AllowPrivilegedContainer: true,
 AllowedUnsafeSysctls: []string{"*"},
 AllowedCapabilities: []corev1.Capability{
@@ -236,7 +236,7 @@ func (s *scc) getSCCs(cluster *opcorev1.StorageCluster) []ocp_secv1.SecurityCont
 AllowHostNetwork: true,
 AllowHostPID: false,
 AllowHostPorts: false,
- AllowPrivilegeEscalation: boolPtr(true),
+ AllowPrivilegeEscalation: boolPtr(false),
 AllowPrivilegedContainer: false,
 FSGroup: ocp_secv1.FSGroupStrategyOptions{
 Type: ocp_secv1.FSGroupStrategyMustRunAs,
diff --git a/drivers/storage/portworx/testspec/portworxSCC.yaml b/drivers/storage/portworx/testspec/portworxSCC.yaml
index 4df67cf58..eb839f759 100644
--- a/drivers/storage/portworx/testspec/portworxSCC.yaml
+++ b/drivers/storage/portworx/testspec/portworxSCC.yaml
@@ -1,9 +1,9 @@
 allowHostDirVolumePlugin: true
-allowHostIPC: true
+allowHostIPC: false
 allowHostNetwork: true
-allowHostPID: true
-allowHostPorts: true
-allowPrivilegeEscalation: true
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: false
 allowPrivilegedContainer: true
 allowedCapabilities:
 - '*'
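Review bot: Setting `AllowPrivilegeEscalation: boolPtr(false)` while `AllowPrivilegedContainer: true` stays on the same SCC (first hunk, PxSCCName) is an inconsistent combination: Kubernetes rejects a container that has privileged set to true together with allowPrivilegeEscalation set to false, so a privileged Portworx pod admitted under this SCC is likely to fail validation once the SCC defaults that field to false (worth confirming against the cluster's SCC admission behaviour before merging). If the Portworx pods genuinely run privileged, the first hunk should keep `AllowPrivilegeEscalation: boolPtr(true)`; the second hunk is fine as written because that SCC already has `AllowPrivilegedContainer: false`. The remaining `AllowedUnsafeSysctls: []string{"*"}` on the first SCC undoes much of the tightening and deserves either a justification comment or a narrower list in a follow-up. A comment above the first field, such as `// host IPC, PID and port access are intentionally disabled for this SCC`, would record the intent of the change. getSCCs begins and ends outside both hunks, so the AllowedCapabilities list that follows is not visible here.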
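Review bot: Only the fixture for the first SCC is updated here, while the second hunk in securitycontextconstraints.go also flips AllowPrivilegeEscalation to false on a second SCC; if that SCC has its own fixture under testspec/, the comparison test will presumably fail until it gets the matching `allowPrivilegeEscalation: false` line. This fixture also still carries `allowPrivilegedContainer: true` next to `allowPrivilegeEscalation: false`, so it encodes the same inconsistent combination as the Go source rather than catching it.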