diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6e9f482a7f7c3e86dc8e81d263dacbbd608c2f81..a231cd5643add20c765d487eeac138b07c3c708b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ include: - - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates' + - project: "platform-one/big-bang/pipeline-templates/pipeline-templates" ref: master - file: '/templates/package-tests.yml' + file: "/templates/package-tests.yml" diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 8f810a3819d386c44f5c61b5c606365ca7a39966..df56b60d04c6c124950c9676b8ca6caca33324d7 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,4 +1,4 @@ apiVersion: v2 name: twistlock -version: 0.0.4-bb.0 +version: 0.0.4-bb.1 appVersion: 21.04.412 diff --git a/chart/templates/network-policy/egress-default-deny-external.yml b/chart/templates/network-policy/egress-default-deny-external.yml new file mode 100644 index 0000000000000000000000000000000000000000..59ddf477eb16757aa6b9dcffe2d2e01bf02f74bc --- /dev/null +++ b/chart/templates/network-policy/egress-default-deny-external.yml @@ -0,0 +1,12 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-deny-external-egress + namespace: "{{ .Release.Namespace }}" +spec: + podSelector: {} + policyTypes: + - Egress + egress: [] +{{- end }} \ No newline at end of file diff --git a/chart/templates/network-policy/ingress-default-deny.yml b/chart/templates/network-policy/ingress-default-deny.yml new file mode 100644 index 0000000000000000000000000000000000000000..54c9ad5f3781b8627b0d378a57fa1ef2679696ff --- /dev/null +++ b/chart/templates/network-policy/ingress-default-deny.yml 
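Review bot: `egress: []` together with `policyTypes: [Egress]` and an empty `podSelector` blocks all egress from every pod in the namespace, not just external traffic as the file name `egress-default-deny-external.yml` suggests — cluster DNS, the Kubernetes API and intra-namespace traffic are all denied unless another policy allows them, and the only egress allowance in this diff is the istio-controlplane rule. Unless a template outside this diff adds it, a DNS egress rule (TCP/UDP 53 to the cluster DNS pods) is needed before the console can resolve anything once `networkPolicies.enabled` is set. Either rename the file to match its scope or add a comment above `spec:` such as `# Denies ALL egress, cluster-internal included; allowances live in the sibling templates.` This file also ends without a trailing newline, unlike the istio and monitoring templates.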
@@ -0,0 +1,12 @@ +{{- if .Values.networkPolicies.enabled}} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-deny-ingress + namespace: "{{ .Release.Namespace }}" +spec: + podSelector: {} + ingress: [] + policyTypes: + - Ingress +{{- end }} \ No newline at end of file diff --git a/chart/templates/network-policy/ingress-egress-istio.yml b/chart/templates/network-policy/ingress-egress-istio.yml new file mode 100644 index 0000000000000000000000000000000000000000..80fb410aeb46abc785cf43a034e1075f6f5c7591 --- /dev/null +++ b/chart/templates/network-policy/ingress-egress-istio.yml @@ -0,0 +1,22 @@ +{{- if and .Values.networkPolicies.enabled .Values.istio.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: istio + namespace: "{{ .Release.Namespace }}" +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: istio-controlplane + egress: + - to: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: istio-controlplane +{{- end }} diff --git a/chart/templates/network-policy/ingress-monitoring.yml b/chart/templates/network-policy/ingress-monitoring.yml new file mode 100644 index 0000000000000000000000000000000000000000..0bc727413909ec492331206379e4bcdcca4789af --- /dev/null +++ b/chart/templates/network-policy/ingress-monitoring.yml @@ -0,0 +1,17 @@ +{{- if and .Values.networkPolicies.enabled .Values.monitoring.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-scraping + namespace: "{{ .Release.Namespace }}" +spec: + ingress: + - from: + - namespaceSelector: {} # all namespaces for now + ports: + - port: PROMETHEUS_PORT + protocol: TCP + podSelector: {} # all pods + policyTypes: + - Ingress +{{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index 1dfb72a41a6ddf18043db807bdf6f3635a89464c..54266e5b529c8a77960a769ee2834b7294d3b128 100644 --- a/chart/values.yaml 
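Review bot: The guard `{{- if .Values.networkPolicies.enabled}}` omits the space before `}}` that the three sibling templates use; Go templates accept it, but it should read `{{- if .Values.networkPolicies.enabled }}` so the four files look alike. The key order also differs from egress-default-deny-external.yml (`ingress: []` precedes `policyTypes` here, while `egress: []` follows it there); ordering the two deny-all policies the same way makes them easier to compare side by side. Like the egress file, this one is missing a trailing newline.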
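Review bot: The istio policy allows ingress from and egress to every pod on every port in any namespace labelled `app.kubernetes.io/name: istio-controlplane`, and with `podSelector: {}` on this side as well it is the broadest allowance in the change and the only egress left open once the default-deny templates render. Narrowing it with a `podSelector` for the control-plane pods and an explicit `ports:` list covering what the sidecars actually use would keep the default-deny meaningful; because the match is on a namespace label alone, any namespace carrying that label satisfies it. A comment above `ingress:` such as `# Sidecars must reach istiod; both directions are needed for xDS and certificate issuance — confirm the exact ports` would record why the rule exists and what it is meant to cover.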
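Review bot: `port: PROMETHEUS_PORT` is neither an integer nor a valid named port — NetworkPolicy named ports must be lowercase alphanumerics and hyphens, so the API server rejects this object and the release fails as soon as both `networkPolicies.enabled` and `monitoring.enabled` are true. It should be the console's real metrics port number (or a chart value that carries it, e.g. `port: {{ .Values.<metrics-port value> }}` — placeholder, no such value is visible in this diff), and a test value enabling `networkPolicies` would have caught it. `namespaceSelector: {}` also admits scrapes from every namespace, as the `# all namespaces for now` comment already concedes; restricting it to the monitoring namespace's label is the natural follow-up and is worth a TODO in that comment.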
+++ b/chart/values.yaml @@ -16,9 +16,12 @@ istio: hosts: - twistlock.{{ .Values.hostname }} +networkPolicies: + enabled: false + # imagePullSecrets defines the secrets to use when pulling the operator container image. imagePullSecrets: [] - + console: image: repository: registry1.dso.mil/ironbank/twistlock/console/console @@ -28,7 +31,8 @@ console: size: 100Gi accessMode: ReadWriteOnce -affinity: {} +affinity: + {} # podAntiAffinity: # requiredDuringSchedulingIgnoredDuringExecution: # - topologyKey: "kubernetes.io/hostname" @@ -44,10 +48,12 @@ affinity: {} # values: # - "twistlock" -nodeSelector: {} +nodeSelector: + {} # node-type: twistlock" -tolerations: [] +tolerations: + [] # - key: "key1" # operator: "Equal" # value: "value1" diff --git a/tests/test-values.yml b/tests/test-values.yml index 26bab169e12e50d908dcbe4ebf8ec5e381347f27..2986adb9924ae35cbd9a25a1d5751c7ed27cdcd5 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -2,7 +2,7 @@ istio: enabled: true imagePullSecrets: -- name: private-registry-mil + - name: private-registry-mil console: persistence:
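Review bot: The new `networkPolicies:` stanza carries no explanatory comment, while the neighbouring `imagePullSecrets` key does; since the four templates added in this change only render when it is true and two of them are deny-all ingress and egress policies, a reader of values.yaml needs to know what flipping it does. Add above it: `# networkPolicies.enabled renders the default-deny ingress/egress policies plus the istio and monitoring allowances under templates/network-policy; other egress (e.g. DNS) then needs its own allowance.` The reflow of `affinity: {}`, `nodeSelector: {}` and `tolerations: []` onto a second line in the later hunks looks like formatter output; the single-line `{}` form is the more common idiom and keeps the diff focused on the new key.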