diff --git a/proposals/20220926-contrib-component-guidelines.md b/proposals/20220926-contrib-component-guidelines.md index 4b2ed420a7..d8a9a98a84 100644 --- a/proposals/20220926-contrib-component-guidelines.md +++ b/proposals/20220926-contrib-component-guidelines.md @@ -46,10 +46,12 @@ These are the requirements for all components under `/contrib`: CustomResource and waiting for it to become Ready * The maintainers will need to work with the leads of Manifests WG to ensure there's some basic automation in place that will be running the above script(s) -6. All pods must run according to the offical Kubernetes +6. All pods must run with the [baseline PSS set](https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline) +7. [stretch goal] All pods must run according to the offical Kubernetes [podsecuritystandards restricted set](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). - This means explicitly no root containers and dropping all capabilities in your pods - securitycontexts. + This means explicitly no root containers and dropping all capabilities in your pods securitycontexts. +8. [stretch goal] Running with Istio sidecars +9. [stretch goal] Namespace isolation At this point we don't want to provide too much of a strict structure for the README. Developers are free to expose any other information in the README that
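Review bot: the new items 7 to 9 are tagged "[stretch goal]" but sit in the list introduced as "the requirements for all components under `/contrib`", and item 7 still reads "All pods must run according to", so a reader cannot tell whether the restricted set is mandatory or optional. Suggest moving the stretch goals into their own list, or rewording item 7 to "should". Items 8 ("Running with Istio sidecars") and 9 ("Namespace isolation") have no definition or acceptance criterion. Each needs a sentence saying what a component maintainer has to demonstrate, in the way item 7 spells out "no root containers and dropping all capabilities". Item 6 makes baseline PSS the hard requirement but does not say how it is verified. Since item 5 already asks for automation, consider stating that the test namespace is labelled `pod-security.kubernetes.io/enforce: baseline` so that a violating pod is rejected at admission. The moved line also carries over the typo "offical", and "pods securitycontexts" would read better as "pods' securityContexts".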