diff --git a/content/en/docs/concepts/security/_index.md b/content/en/docs/concepts/security/_index.md index 352512debd1c0..f2a91feb8dcea 100644 --- a/content/en/docs/concepts/security/_index.md +++ b/content/en/docs/concepts/security/_index.md @@ -25,7 +25,7 @@ define [policies](#policies) that can form part of how you manage information se ### Control plane protection -A key security mechanism for any Kubernetes is to +A key security mechanism for any Kubernetes cluster is to [control access to the Kubernetes API](/docs/concepts/security/controlling-access). You can define [encryption at rest](/docs/tasks/administer-cluster/encrypt-data/) diff --git a/content/en/docs/concepts/security/cloud-native-security.md b/content/en/docs/concepts/security/cloud-native-security.md index 272f6a22c43f1..778dba0c3836e 100644 --- a/content/en/docs/concepts/security/cloud-native-security.md +++ b/content/en/docs/concepts/security/cloud-native-security.md @@ -74,7 +74,7 @@ To achieve this, you can: Ensure appropriate restrictions on what can be deployed, who can deploy it, and where it can be deployed to. You can enforce measures from the _distribute_ phase, such as verifying the -cryptographic identity of container image artefacts. +cryptographic identity of container image artifacts. When you deploy Kubernetes, you also set the foundation for your applications' runtime environment: a Kubernetes cluster (or 
@@ -125,7 +125,7 @@ the runtime(s) that you choose meet your information security needs. To protect your compute at runtime, you can: 1. Enforce [Pod security standards](/docs/concepts/security/pod-security-standards/) - for applications, based on the level of trust you have in them. + for applications, to help ensure they run with only the necessary privileges. 1. Run a specialized operating system on your nodes that is designed specifically for running containerized workloads. This is typically based on a read-only operating system (_immutable image_) that provides only the services
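Review bot: In the `@@ -125,7 +125,7 @@` hunk of cloud-native-security.md, the reworded Pod security standards item drops the selection criterion the old text gave ("based on the level of trust you have in them") and states only an outcome ("to help ensure they run with only the necessary privileges"). A reader no longer learns that which standard to enforce is a per-application decision, and the new sentence can be read as saying that enforcing any standard gives least privilege. Consider keeping both ideas, for example: "for applications, matched to the level of trust you have in them, so that they run with only the necessary privileges." The other two hunks in this patch are spelling and grammar fixes, while this one changes meaning, so it should be called out in the commit message or split into its own change.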