diff --git a/content/en/docs/concepts/security/pod-security-standards.md b/content/en/docs/concepts/security/pod-security-standards.md
index 60cc021ae6..ffe1aa45f2 100644
--- a/content/en/docs/concepts/security/pod-security-standards.md
+++ b/content/en/docs/concepts/security/pod-security-standards.md
@@ -56,8 +56,8 @@ developers of non-critical applications. The following listed controls should be
 enforced/disallowed:
 
 <table>
-    <caption style="display:none">Baseline policy specification</caption>
-    <tbody>
+	<caption style="display:none">Baseline policy specification</caption>
+	<tbody>
 		<tr>
 			<td><strong>Control</strong></td>
 			<td><strong>Policy</strong></td>
@@ -115,7 +115,7 @@ enforced/disallowed:
 		<tr>
 			<td>AppArmor <em>(optional)</em></td>
 			<td>
-				On supported hosts, the `runtime/default` AppArmor profile is applied by default. The default policy should prevent overriding or disabling the policy, or restrict overrides to a whitelisted set of profiles.<br>
+				On supported hosts, the 'runtime/default' AppArmor profile is applied by default. The default policy should prevent overriding or disabling the policy, or restrict overrides to a whitelisted set of profiles.<br>
 				<br><b>Restricted Fields:</b><br>
 				metadata.annotations['container.apparmor.security.beta.kubernetes.io/*']<br>
 				<br><b>Allowed Values:</b> 'runtime/default', undefined<br>
@@ -146,14 +146,14 @@ enforced/disallowed:
 			<td>Sysctls</td>
 			<td>
 				Sysctls can disable security mechanisms or affect all containers on a host, and should be disallowed except for a whitelisted "safe" subset.
-                A sysctl is considered safe if it is namespaced in the container or the pod, and it is isolated from other pods or processes on the same node.<br>
+				A sysctl is considered safe if it is namespaced in the container or the Pod, and it is isolated from other Pods or processes on the same Node.<br>
 				<br><b>Restricted Fields:</b><br>
 				spec.securityContext.sysctls<br>
 				<br><b>Allowed Values:</b><br>
-                kernel.shm_rmid_forced<br>
-                net.ipv4.ip_local_port_range<br>
-                net.ipv4.tcp_syncookies<br>
-                net.ipv4.ping_group_range<br>
+				kernel.shm_rmid_forced<br>
+				net.ipv4.ip_local_port_range<br>
+				net.ipv4.tcp_syncookies<br>
+				net.ipv4.ping_group_range<br>
 				undefined/empty<br>
 			</td>
 		</tr>
@@ -168,7 +168,7 @@ well as lower-trust users.The following listed controls should be enforced/disal
 
 
 <table>
-    <caption style="display:none">Restricted policy specification</caption>
+	<caption style="display:none">Restricted policy specification</caption>
 	<tbody>
 		<tr>
 			<td><strong>Control</strong></td>
@@ -209,7 +209,7 @@ well as lower-trust users.The following listed controls should be enforced/disal
 		<tr>
 			<td>Privilege Escalation</td>
 			<td>
-                Privilege escalation to root should not be allowed.<br>
+				Privilege escalation to root should not be allowed.<br>
 				<br><b>Restricted Fields:</b><br>
 				spec.containers[*].securityContext.privileged<br>
 				spec.initContainers[*].securityContext.privileged<br>
@@ -219,7 +219,7 @@ well as lower-trust users.The following listed controls should be enforced/disal
 		<tr>
 			<td>Running as Non-root</td>
 			<td>
-                Containers must be required to run as non-root users.<br>
+				Containers must be required to run as non-root users.<br>
 				<br><b>Restricted Fields:</b><br>
 				spec.securityContext.runAsNonRoot<br>
 				spec.containers[*].securityContext.runAsNonRoot<br>
@@ -230,7 +230,7 @@ well as lower-trust users.The following listed controls should be enforced/disal
 		<tr>
 			<td>Non-root groups <em>(optional)</em></td>
 			<td>
-                Containers should be forbidden from running with a root primary or supplementary GID.<br>
+				Containers should be forbidden from running with a root primary or supplementary GID.<br>
 				<br><b>Restricted Fields:</b><br>
 				spec.securityContext.runAsGroup<br>
 				spec.securityContext.supplementalGroups[*]<br>
@@ -249,12 +249,12 @@ well as lower-trust users.The following listed controls should be enforced/disal
 		<tr>
 			<td>Seccomp</td>
 			<td>
-				The runtime/default seccomp profile must be required, or allow additional whitelisted values.<br>
+				The 'runtime/default' seccomp profile must be required, or allow additional whitelisted values.<br>
 				<br><b>Restricted Fields:</b><br>
 				metadata.annotations['seccomp.security.alpha.kubernetes.io/pod']<br>
 				metadata.annotations['container.seccomp.security.alpha.kubernetes.io/*']<br>
 				<br><b>Allowed Values:</b><br>
-				runtime/default<br>
+				'runtime/default'<br>
 				undefined (container annotation)<br>
 			</td>
 		</tr>

Control	Policy
AppArmor (optional)	- On supported hosts, the `runtime/default` AppArmor profile is applied by default. The default policy should prevent overriding or disabling the policy, or restrict overrides to a whitelisted set of profiles. + On supported hosts, the 'runtime/default' AppArmor profile is applied by default. The default policy should prevent overriding or disabling the policy, or restrict overrides to a whitelisted set of profiles. Restricted Fields: metadata.annotations['container.apparmor.security.beta.kubernetes.io/'] Allowed Values:* 'runtime/default', undefined @@ -146,14 +146,14 @@ enforced/disallowed:	Sysctls	Sysctls can disable security mechanisms or affect all containers on a host, and should be disallowed except for a whitelisted "safe" subset. - A sysctl is considered safe if it is namespaced in the container or the pod, and it is isolated from other pods or processes on the same node. + A sysctl is considered safe if it is namespaced in the container or the Pod, and it is isolated from other Pods or processes on the same Node. Restricted Fields: spec.securityContext.sysctls Allowed Values: - kernel.shm_rmid_forced - net.ipv4.ip_local_port_range - net.ipv4.tcp_syncookies - net.ipv4.ping_group_range + kernel.shm_rmid_forced + net.ipv4.ip_local_port_range + net.ipv4.tcp_syncookies + net.ipv4.ping_group_range undefined/empty
Control
Privilege Escalation	- Privilege escalation to root should not be allowed. + Privilege escalation to root should not be allowed. Restricted Fields: spec.containers[].securityContext.privileged spec.initContainers[].securityContext.privileged @@ -219,7 +219,7 @@ well as lower-trust users.The following listed controls should be enforced/disal
Running as Non-root	- Containers must be required to run as non-root users. + Containers must be required to run as non-root users. Restricted Fields: spec.securityContext.runAsNonRoot spec.containers[*].securityContext.runAsNonRoot @@ -230,7 +230,7 @@ well as lower-trust users.The following listed controls should be enforced/disal
Non-root groups (optional)	- Containers should be forbidden from running with a root primary or supplementary GID. + Containers should be forbidden from running with a root primary or supplementary GID. Restricted Fields: spec.securityContext.runAsGroup spec.securityContext.supplementalGroups[*] @@ -249,12 +249,12 @@ well as lower-trust users.The following listed controls should be enforced/disal
Seccomp	- The runtime/default seccomp profile must be required, or allow additional whitelisted values. + The 'runtime/default' seccomp profile must be required, or allow additional whitelisted values. Restricted Fields: metadata.annotations['seccomp.security.alpha.kubernetes.io/pod'] metadata.annotations['container.seccomp.security.alpha.kubernetes.io/'] Allowed Values:* - runtime/default + 'runtime/default' undefined (container annotation)