diff --git a/chart/templates/logging/fluentbit/values.yaml b/chart/templates/logging/fluentbit/values.yaml
index 9d440931b19c9b2cc2202fd12ef38666da67b4aa..91ae644c1fc97749069a644ff2ae6dfe42b00efd 100644
--- a/chart/templates/logging/fluentbit/values.yaml
+++ b/chart/templates/logging/fluentbit/values.yaml
@@ -121,6 +121,18 @@ serviceMonitor:
   scrapeTimeout: 10s
   selector:
     prometheus: monitoring-monitoring-kube-prometheus
+  # conditional passes only if all conditionals are true:
+  # - istio: enabled
+  # - mTLS: SCRICT
+  # - istio injection: enabled (for logging ns)
+  {{- if and .Values.istio.enabled (eq (dig "istio" "mtls" "mode" "STRICT" .Values.fluentbit.values) "STRICT") (eq (dig "istio" "injection" "enabled" .Values.logging.values) "enabled") }}
+  scheme: https
+  tlsConfig:
+    caFile: /etc/prom-certs/root-cert.pem
+    certFile: /etc/prom-certs/cert-chain.pem
+    keyFile: /etc/prom-certs/key.pem
+    insecureSkipVerify: true  # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
+  {{- end }}
 
 dashboards:
   enabled: true
diff --git a/chart/values.yaml b/chart/values.yaml
index ad518752345bdb08c70244eee1a00acb312ad28b..a46bf0996f1fdc526843fe12f797c67a98f03703 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -472,7 +472,7 @@ fluentbit:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
     path: "./chart"
-    tag: "0.20.6-bb.0"
+    tag: "0.20.6-bb.1"
 
   # -- Flux reconciliation overrides specifically for the Fluent-Bit Package
   flux: {}