diff --git a/release_notes/ocp-4-14-release-notes.adoc b/release_notes/ocp-4-14-release-notes.adoc
index 1f1d309375..98f9bcecb8 100644
--- a/release_notes/ocp-4-14-release-notes.adoc
+++ b/release_notes/ocp-4-14-release-notes.adoc
@@ -212,6 +212,17 @@ With this release, you can now require your workloads to use a specific security
 
 For more information, see xref:../authentication/managing-security-context-constraints.adoc#security-context-constraints-requiring_configuring-internal-oauth[Configuring a workload to require a specific SCC].
 
+[id="ocp-4-14-auth-psa-privileged-namespaces"]
+==== Pod security admission privileged namespaces
+
+With this release, the following system namespaces are always set to the `privileged` pod security admission profile:
+
+* `default`
+* `kube-public`
+* `kube-system`
+
+For more information, see xref:../authentication/understanding-and-managing-pod-security-admission.adoc#psa-privileged-namespaces_understanding-and-managing-pod-security-admission[Privileged namespaces].
+
 [id="ocp-4-14-networking"]
 === Networking