diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml
index a63db253d..8e382f33e 100644
--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 email: marcovito.moscaritolo@sysdig.com
 type: application
-version: 0.6.2
+version: 0.6.3
 appVersion: "1.0.0"
diff --git a/charts/shield/templates/host/_helpers.tpl b/charts/shield/templates/host/_helpers.tpl
index a677c8419..80d34fc88 100644
--- a/charts/shield/templates/host/_helpers.tpl
+++ b/charts/shield/templates/host/_helpers.tpl
@@ -156,8 +156,12 @@ true
 privileged: true
 runAsNonRoot: false
 runAsUser: 0
+runAsGroup: 0
 readOnlyRootFilesystem: false
 allowPrivilegeEscalation: true
+capabilities:
+ drop:
+ - ALL
 {{- else }}
 allowPrivilegeEscalation: false
 seccompProfile:
diff --git a/charts/shield/templates/host/daemonset.yaml b/charts/shield/templates/host/daemonset.yaml
index ef55c15dd..6d9f6f08b 100644
--- a/charts/shield/templates/host/daemonset.yaml
+++ b/charts/shield/templates/host/daemonset.yaml
@@ -44,9 +44,13 @@ spec:
 securityContext:
 privileged: true
 runAsNonRoot: false
+ runAsGroup: 0
 runAsUser: 0
 readOnlyRootFilesystem: false
 allowPrivilegeEscalation: true
+ capabilities:
+ drop:
+ - ALL
 resources:
 {{- (include "host.kmodule_resources" .) | nindent 12 }}
 env:
diff --git a/charts/shield/tests/host/security_context_test.yaml b/charts/shield/tests/host/security_context_test.yaml
index 3ec1472b3..8448e24f0 100644
--- a/charts/shield/tests/host/security_context_test.yaml
+++ b/charts/shield/tests/host/security_context_test.yaml
@@ -30,6 +30,10 @@ tests:
 readOnlyRootFilesystem: false
 runAsNonRoot: false
 runAsUser: 0
+ runAsGroup: 0
+ capabilities:
+ drop:
+ - ALL
 - it: Ensure the securityContext for a non-privileged agent contains the keys defined
 set:
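Review bot: The `capabilities: drop: [ALL]` added under `privileged: true` in this branch of the helper does not take anything away from the process: Kubernetes hands a privileged container the full capability set, and on the container runtimes I am aware of the securityContext drop list is not applied on that path, so the visible effect is only that the new "mandatory keys" unit test and security-context scanners see a complete spec. Readers of the helper will otherwise take this branch for a hardened one, so a template comment (which, unlike a `#` line, does not end up in the rendered manifest) should say so, e.g. `{{- /* drop ALL is a no-op under privileged: true (the runtime grants every capability); present so linters and the mandatory-keys test see a complete spec */}}` right above `capabilities:`. If an actual reduction is the goal it would need `privileged: false` plus an explicit `add:` list, which is a different change from this one. The `if`/`define` that opens this branch starts above the hunk.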
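Review bot: The same caveat applies to this container's `capabilities: drop: [ALL]` at the end of the securityContext: with `privileged: true` at the top of the same block, the drop list changes what policy scanners see, not what the process can do, and the `host.kmodule_resources` helper name suggests this is the kernel-module init container, which presumably needs CAP_SYS_MODULE and therefore broad privilege anyway. A one-line `# no-op under privileged: true; kept for the mandatory-keys test and policy scanners` above `capabilities:` would keep the next reader from counting this as hardening. `runAsGroup: 0` is correct alongside `runAsUser: 0`, but it is placed before `runAsUser` here and after it in `_helpers.tpl`; matching the key order keeps the two privileged contexts diffable. The container spec continues above and below the hunk.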
@@ -126,3 +130,34 @@ tests:
 - SYS_TIME
 - SYS_TTY_CONFIG
 - WAKE_ALARM
+ - it: Ensure the securityContext contains the mandatory keys
+ asserts:
+ - isSubset:
+ path: spec.template.spec['initContainers','containers'][:].securityContext.capabilities
+ content:
+ drop:
+ - ALL
+ - exists:
+ path: spec.template.spec.initContainers[:].securityContext.runAsNonRoot
+ - exists:
+ path: spec.template.spec.containers[:].securityContext.runAsNonRoot
+ - exists:
+ path: spec.template.spec.initContainers[:].securityContext.runAsUser
+ - exists:
+ path: spec.template.spec.containers[:].securityContext.runAsUser
+ - exists:
+ path: spec.template.spec.initContainers[:].securityContext.runAsGroup
+ - exists:
+ path: spec.template.spec.containers[:].securityContext.runAsGroup
+ - exists:
+ path: spec.template.spec.initContainers[:].securityContext.privileged
+ - exists:
+ path: spec.template.spec.containers[:].securityContext.privileged
+ - exists:
+ path: spec.template.spec.initContainers[:].securityContext.allowPrivilegeEscalation
+ - exists:
+ path: spec.template.spec.containers[:].securityContext.allowPrivilegeEscalation
+ - exists:
+ path: spec.template.spec.initContainers[:].securityContext.readOnlyRootFilesystem
+ - exists:
+ path: spec.template.spec.containers[:].securityContext.readOnlyRootFilesystem