diff --git a/charts/network/README.md b/charts/network/README.md
index 26c6ef8..55ebeee 100644
--- a/charts/network/README.md
+++ b/charts/network/README.md
@@ -21,10 +21,13 @@ A Helm chart for a blockchain network on Kubernetes | Key | Type | Default | Description | |-----|------|---------|-------------| -| global | object | `{"networkNodes":{"faucetArtifactPrefix":"besu-faucet","genesisConfigMapName":"besu-genesis","podPrefix":"","serviceName":"","staticNodesConfigMapName":"besu-static-nodes"}}` | Global configuration shared across subcharts. | +| global | object | `{"networkNodes":{"faucetArtifactPrefix":"besu-faucet","genesisConfigMapName":"besu-genesis","podPrefix":"","serviceName":"","staticNodesConfigMapName":"besu-static-nodes"},"securityContexts":{"container":{},"pod":{}}}` | Global configuration shared across subcharts. | | global.networkNodes | object | `{"faucetArtifactPrefix":"besu-faucet","genesisConfigMapName":"besu-genesis","podPrefix":"","serviceName":"","staticNodesConfigMapName":"besu-static-nodes"}` | Defaults consumed by Besu network node workloads. | | global.networkNodes.faucetArtifactPrefix | string | `"besu-faucet"` | Prefix used for faucet ConfigMaps and Secrets. | | global.networkNodes.genesisConfigMapName | string | `"besu-genesis"` | ConfigMap name storing the generated genesis.json artifact. | | global.networkNodes.podPrefix | string | `""` | StatefulSet prefix used for validator pod hostnames. | | global.networkNodes.serviceName | string | `""` | Kubernetes Service name fronting validator pods to align bootstrapper static-nodes output. | | global.networkNodes.staticNodesConfigMapName | string | `"besu-static-nodes"` | ConfigMap name storing static-nodes.json entries. | +| global.securityContexts | object | `{"container":{},"pod":{}}` | Shared pod- and container-level security contexts applied when subcharts omit explicit overrides. | +| global.securityContexts.container | object | `{}` | Container security context inherited by subcharts when set. | +| global.securityContexts.pod | object | `{}` | Pod security context inherited by subcharts when set. | 
diff --git a/charts/network/charts/network-bootstrapper/templates/job.yaml b/charts/network/charts/network-bootstrapper/templates/job.yaml index d112eef..f1526a3 100644 --- a/charts/network/charts/network-bootstrapper/templates/job.yaml +++ b/charts/network/charts/network-bootstrapper/templates/job.yaml @@ -27,9 +27,13 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "network-bootstrapper.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} + {{- $globalValues := (.Values.global | default (dict)) }} + {{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) }} + {{- $podSecurityContext := merge (deepCopy (default (dict) .Values.podSecurityContext)) (dig "pod" $globalSecurityContexts (dict)) }} + {{- $containerSecurityContext := merge (deepCopy (default (dict) .Values.securityContext)) (dig "container" $globalSecurityContexts (dict)) }} + {{- if $podSecurityContext }} securityContext: - {{- toYaml . | nindent 8 }} + {{- toYaml $podSecurityContext | nindent 8 }} {{- end }} {{- with .Values.initContainers }} initContainers: @@ -37,9 +41,9 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }} - {{- with .Values.securityContext }} + {{- if $containerSecurityContext }} securityContext: - {{- toYaml . | nindent 12 }} + {{- toYaml $containerSecurityContext | nindent 12 }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/charts/network/charts/network-bootstrapper/values.yaml b/charts/network/charts/network-bootstrapper/values.yaml index 69ad5bd..429fc22 100644 --- a/charts/network/charts/network-bootstrapper/values.yaml +++ b/charts/network/charts/network-bootstrapper/values.yaml 
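Review bot: The `dig` calls added in the first hunk have their last two arguments swapped, so the global security contexts are never read: Sprig's `dig` takes the dictionary as its last argument and the default just before it (`dig "key" DEFAULT $dict`), whereas here `(dict)` is the dictionary and `$globalValues` / `$globalSecurityContexts` are the defaults. Every lookup therefore misses in the empty map and returns the default, so `$globalSecurityContexts` is the whole `global` map and `$podSecurityContext` becomes `merge local global`, which makes the `if` always true and renders unrelated keys such as `networkNodes` under `securityContext:` while the values under `global.securityContexts.pod` / `.container` are silently ignored. The same three lines appear in statefulset-rpc.yaml and statefulset-validator.yaml. Swap the arguments: `{{- $globalSecurityContexts := dig "securityContexts" (dict) $globalValues }}`, `{{- $podSecurityContext := merge (deepCopy (default (dict) .Values.podSecurityContext)) (dig "pod" (dict) $globalSecurityContexts) }}`, `{{- $containerSecurityContext := merge (deepCopy (default (dict) .Values.securityContext)) (dig "container" (dict) $globalSecurityContexts) }}`, and add a `helm template` render check that sets a non-empty `global.securityContexts.pod` (for example `runAsNonRoot: true`) and asserts the key lands on the pod spec.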
@@ -41,11 +41,13 @@ podLabels: {} # Pod-level security context applied to all containers in the pod. podSecurityContext: {} + # -- Leave empty to inherit from global.securityContexts.pod. # fsGroup: 2000 # Container security context applied to the bootstrapper container. securityContext: {} + # -- Leave empty to inherit from global.securityContexts.container. # capabilities: # drop: # - ALL diff --git a/charts/network/charts/network-nodes/README.md b/charts/network/charts/network-nodes/README.md index 10576c4..5a3eee1 100644 --- a/charts/network/charts/network-nodes/README.md +++ b/charts/network/charts/network-nodes/README.md @@ -107,7 +107,7 @@ A Helm chart for Kubernetes | openShiftRoute.wildcardPolicy | string | `""` | Wildcard policy controlling subdomain routing (None or Subdomain). | | persistence.accessModes | list | `["ReadWriteOnce"]` | Requested access modes for the PersistentVolumeClaim. | | persistence.annotations | object | `{}` | | -| persistence.enabled | bool | `false` | Enable persistent volume claims for ledger data. | +| persistence.enabled | bool | `true` | Enable persistent volume claims for ledger data. | | persistence.existingClaim | string | `""` | Name of an existing PersistentVolumeClaim to reuse instead of creating new PVCs. | | persistence.mountPath | string | `"/data"` | Container path where the persistent volume is mounted. | | persistence.readOnly | bool | `false` | Mount the volume read-only when true. | diff --git a/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml b/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml index d2c3f22..6028a30 100644 --- a/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml +++ b/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml 
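Review bot: The added comment `# -- Leave empty to inherit from global.securityContexts.pod.` describes the inheritance as all-or-nothing, but the templates merge the two maps key by key, so a partially filled local context still inherits every global key it does not set, and any key it does set wins over the global one, including weakening ones such as `runAsNonRoot: false`. Suggest wording it as `# -- Keys set here take precedence; unset keys are inherited from global.securityContexts.pod.` and likewise for the container comment, here and in the network-nodes values.yaml. The `# --` helm-docs marker is also placed below the key it describes and indented under `podSecurityContext: {}`, so helm-docs will presumably not attach it to `podSecurityContext` — confirm the generated README; folding the sentence into the existing comment above the key avoids the question.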
@@ -36,6 +36,10 @@ spec: {{- $initContainers := .Values.initContainers | default (dict) }} {{- $sharedInitContainers := get $initContainers "shared" }} {{- $rpcInitContainers := get $initContainers "rpc" }} + {{- $globalValues := (.Values.global | default (dict)) }} + {{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) }} + {{- $podSecurityContext := merge (deepCopy (default (dict) .Values.podSecurityContext)) (dig "pod" $globalSecurityContexts (dict)) }} + {{- $containerSecurityContext := merge (deepCopy (default (dict) .Values.securityContext)) (dig "container" $globalSecurityContexts (dict)) }} podManagementPolicy: Parallel replicas: {{ .Values.rpcReplicaCount }} serviceName: {{ include "nodes.fullname" . }}-rpc @@ -73,9 +77,9 @@ spec: {{- if $rpcPriorityClass }} priorityClassName: {{ $rpcPriorityClass | quote }} {{- end }} - {{- with .Values.podSecurityContext }} + {{- if $podSecurityContext }} securityContext: - {{- toYaml . | nindent 8 }} + {{- toYaml $podSecurityContext | nindent 8 }} {{- end }} {{- if or $sharedInitContainers $rpcInitContainers }} initContainers: @@ -97,9 +101,9 @@ spec: {{- if $log4jEnv }} {{ $log4jEnv | nindent 12 }} {{- end }} - {{- with .Values.securityContext }} + {{- if $containerSecurityContext }} securityContext: - {{- toYaml . | nindent 12 }} + {{- toYaml $containerSecurityContext | nindent 12 }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/charts/network/charts/network-nodes/templates/statefulset-validator.yaml b/charts/network/charts/network-nodes/templates/statefulset-validator.yaml index 4ca9f7c..130958a 100644 --- a/charts/network/charts/network-nodes/templates/statefulset-validator.yaml +++ b/charts/network/charts/network-nodes/templates/statefulset-validator.yaml 
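Review bot: The merged `$containerSecurityContext` is applied only to the main `{{ .Chart.Name }}` container in the third hunk; the init containers emitted from `$sharedInitContainers` / `$rpcInitContainers` after the second hunk appear to be passed through from values and, as far as these hunks show, receive no inherited container security context, so a global `allowPrivilegeEscalation: false` or `readOnlyRootFilesystem: true` baseline would not cover them. The init-container rendering is outside the hunk, so confirm; if they are emitted verbatim, either apply the same merge to each init container or state in values.yaml that `global.securityContexts.container` covers only the Besu container. statefulset-validator.yaml has the same structure.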
@@ -37,6 +37,10 @@ spec: {{- $initContainers := .Values.initContainers | default (dict) }} {{- $sharedInitContainers := get $initContainers "shared" }} {{- $validatorInitContainers := get $initContainers "validator" }} + {{- $globalValues := (.Values.global | default (dict)) }} + {{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) }} + {{- $podSecurityContext := merge (deepCopy (default (dict) .Values.podSecurityContext)) (dig "pod" $globalSecurityContexts (dict)) }} + {{- $containerSecurityContext := merge (deepCopy (default (dict) .Values.securityContext)) (dig "container" $globalSecurityContexts (dict)) }} podManagementPolicy: Parallel replicas: {{ $validatorReplicaBudget }} serviceName: {{ include "nodes.fullname" . }} @@ -74,9 +78,9 @@ spec: {{- if $validatorPriorityClass }} priorityClassName: {{ $validatorPriorityClass | quote }} {{- end }} - {{- with .Values.podSecurityContext }} + {{- if $podSecurityContext }} securityContext: - {{- toYaml . | nindent 8 }} + {{- toYaml $podSecurityContext | nindent 8 }} {{- end }} {{- if or $sharedInitContainers $validatorInitContainers }} initContainers: @@ -98,9 +102,9 @@ spec: {{- if $log4jEnv }} {{ $log4jEnv | nindent 12 }} {{- end }} - {{- with .Values.securityContext }} + {{- if $containerSecurityContext }} securityContext: - {{- toYaml . | nindent 12 }} + {{- toYaml $containerSecurityContext | nindent 12 }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} diff --git a/charts/network/charts/network-nodes/values.yaml b/charts/network/charts/network-nodes/values.yaml index f904d10..c4e3d6b 100644 --- a/charts/network/charts/network-nodes/values.yaml +++ b/charts/network/charts/network-nodes/values.yaml 
@@ -169,11 +169,13 @@ priorityClassNames: # Pod-level security context shared by all containers. podSecurityContext: {} + # -- Leave empty to inherit from global.securityContexts.pod. # fsGroup: 2000 # Container-level security context applied to Besu containers. securityContext: {} + # -- Leave empty to inherit from global.securityContexts.container. # capabilities: # drop: # - ALL diff --git a/charts/network/values.yaml b/charts/network/values.yaml index 524c728..35dcaca 100644 --- a/charts/network/values.yaml +++ b/charts/network/values.yaml @@ -14,3 +14,9 @@ global: staticNodesConfigMapName: besu-static-nodes # -- (string) Prefix used for faucet ConfigMaps and Secrets. faucetArtifactPrefix: besu-faucet + # -- (object) Shared pod- and container-level security contexts applied when subcharts omit explicit overrides. + securityContexts: + # -- (object) Pod security context inherited by subcharts when set. + pod: {} + # -- (object) Container security context inherited by subcharts when set. + container: {}
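Review bot: The new `global.securityContexts.pod` / `.container` defaults are empty maps, so the umbrella chart still ships with no pod or container hardening unless each deployment supplies it, and the `# --` comments do not say which side wins when a subchart and the global value set the same key. Suggest extending the comment to `# -- (object) Pod security context inherited by subcharts for keys they leave unset; subchart values take precedence per key.` (and the container one analogously), and listing as commented-out examples under each map the baseline keys a deployment is expected to set (`runAsNonRoot`, `seccompProfile`, `allowPrivilegeEscalation`, `capabilities.drop`), in the same style the subchart values files already use for `fsGroup` and `capabilities`.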