diff --git a/CHANGELOG.md b/CHANGELOG.md
index 861e9d9..49cd7c9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Add PSS flag for PSP->PSS migration.
+
 ## [1.3.0] - 2023-08-29
 
 ### Changed
diff --git a/helm/linkerd-viz/templates/psp.yaml b/helm/linkerd-viz/templates/psp.yaml
index 6392754..2c1b485 100644
--- a/helm/linkerd-viz/templates/psp.yaml
+++ b/helm/linkerd-viz/templates/psp.yaml
@@ -1,4 +1,4 @@
-{{ if .Values.enablePSP -}}
+{{ if and .Values.enablePSP (not .Values.global.podSecurityStandards.enforced) -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/helm/linkerd-viz/values.schema.json b/helm/linkerd-viz/values.schema.json
index b284803..0aa4bcb 100644
--- a/helm/linkerd-viz/values.schema.json
+++ b/helm/linkerd-viz/values.schema.json
@@ -115,6 +115,22 @@
         "enablePodAntiAffinity": {
             "type": "boolean"
         },
+        "enablePodDisruptionBudget": {
+            "type": "boolean"
+        },
+        "global": {
+            "type": "object",
+            "properties": {
+                "podSecurityStandards": {
+                    "type": "object",
+                    "properties": {
+                        "enforced": {
+                            "type": "boolean"
+                        }
+                    }
+                }
+            }
+        },
         "grafana": {
             "type": "object",
             "properties": {
diff --git a/helm/linkerd-viz/values.yaml b/helm/linkerd-viz/values.yaml
index 7cab504..45efaed 100644
--- a/helm/linkerd-viz/values.yaml
+++ b/helm/linkerd-viz/values.yaml
@@ -68,6 +68,9 @@ enablePodDisruptionBudget: true
 # `enabledPSP` is set to true on the control plane install. Note PSP has been
 # deprecated since k8s v1.21
 enablePSP: false
+global:
+  podSecurityStandards:
+    enforced: false
 
 # -- url of external prometheus instance
 prometheusUrl: ""
diff --git a/vendir.lock.yml b/vendir.lock.yml
index 56c317f..9997f60 100644
--- a/vendir.lock.yml
+++ b/vendir.lock.yml
@@ -2,11 +2,10 @@ apiVersion: vendir.k14s.io/v1alpha1
 directories:
 - contents:
   - git:
-      commitTitle: Merge remote-tracking branch 'upstream/release/stable-2.13' into
-        stable-2.13.x
-      sha: ea513a4b04dd1515dec9e6ee0b44cafa4785fd63
+      commitTitle: add PSS flag for PSP->PSS migration (#559)...
+      sha: 81d4bbad3f3b9c4628b62134b014859c4e80ad15
       tags:
-      - stable-2.10.1-2949-gea513a4b0
+      - stable-2.10.1-2950-g81d4bbad3
     path: linkerd
   path: vendor
 - contents: