diff --git a/chart/templates/neuvector/namespace.yaml b/chart/templates/neuvector/namespace.yaml
index 2724041535e9f44f2e9aa6ede1876103b2ecb063..d3841ec5d1d4367ec65be864336ec941567254fb 100644
--- a/chart/templates/neuvector/namespace.yaml
+++ b/chart/templates/neuvector/namespace.yaml
@@ -8,6 +8,6 @@ metadata:
     app.kubernetes.io/component: "sandbox"
     {{- include "commonLabels" . | nindent 4}}
     {{- if .Values.istio.enabled }}
-    istio-injection: "disabled"
+    istio-injection: {{ dig "istio" "injection" "enabled" .Values.neuvector }}
     {{- end }}
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/neuvector/values.yaml b/chart/templates/neuvector/values.yaml
index e03d397ca4892b4f3a1f67aab0883284621536c9..f518f2c7d4973b3644e5dd2692bd22d07fc2829c 100644
--- a/chart/templates/neuvector/values.yaml
+++ b/chart/templates/neuvector/values.yaml
@@ -7,11 +7,16 @@ domain: {{ default .Values.domain .Values.hostname }}
 
 openshift: {{ .Values.openshift }}
 
+{{ $istioInjection := (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.neuvector) "enabled")) }}
+
 istio:
   enabled: {{ .Values.istio.enabled }}
   neuvector:
     gateways:
     - istio-system/{{ default "public" .Values.neuvector.ingress.gateway }}
+  injection: {{ ternary "enabled" "disabled" $istioInjection }}
+  mtls:
+    mode: PERMISSIVE
 
 {{- if .Values.monitoring.enabled }}
 monitoring:
diff --git a/chart/values.yaml b/chart/values.yaml
index 3e576e07aaa30a395ed7cc0e4f151531d102cada..674418c08ca411a6988a9746eb79d5de3d916615 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -590,7 +590,7 @@ neuvector:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/neuvector.git
     path: "./chart"
-    tag: "2.4.2-bb.0"
+    tag: "2.4.2-bb.1"
 
   # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
   ingress: