diff --git a/docs/config.md b/docs/config.md
index c6529dd9a..402967001 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -78,6 +78,10 @@ version = 2
 # when using containerd with Kubernetes <=1.11.
 disable_proc_mount = false
+ # unsetSeccompProfile is the profile containerd/cri will use if the provided seccomp profile is
+ # unset (`""`) for a container (default is `unconfined`)
+ unset_seccomp_profile = ""
+
 # 'plugins."io.containerd.grpc.v1.cri".containerd' contains config related to containerd
 [plugins."io.containerd.grpc.v1.cri".containerd]
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 57e9c021a..d2e10f192 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -225,8 +225,9 @@ type PluginConfig struct {
 // DisableProcMount disables Kubernetes ProcMount support. This MUST be set to `true`
 // when using containerd with Kubernetes <=1.11.
 DisableProcMount bool `toml:"disable_proc_mount" json:"disableProcMount"`
- // DefaultSeccompProfile is a seccomp profile to use if not provided by k8s.
- DefaultSeccompProfile string `toml:"default_seccomp_profile" json:"defaultSeccompProfile"`
+ // UnsetSeccompProfile is the profile containerd/cri will use If the provided seccomp profile is
+ // unset (`""`) for a container (default is `unconfined`)
+ UnsetSeccompProfile string `toml:"unset_seccomp_profile" json:"unsetSeccompProfile"`
 }
 // X509KeyPairStreaming contains the x509 configuration for streaming
diff --git a/pkg/server/container_create_unix.go b/pkg/server/container_create_unix.go
index e44902ea1..0324bc206 100644
--- a/pkg/server/container_create_unix.go
+++ b/pkg/server/container_create_unix.go
@@ -306,7 +306,7 @@ func (c *criService) generateSeccompSpecOpts(seccompProf string, privileged, sec
 return nil, nil
 }
 if seccompProf == "" {
- seccompProf = c.config.DefaultSeccompProfile
+ seccompProf = c.config.UnsetSeccompProfile
 }
 // Set seccomp profile
 if seccompProf == runtimeDefault || seccompProf == dockerDefault {
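Review bot: Renaming the TOML key from `default_seccomp_profile` to `unset_seccomp_profile` on the `UnsetSeccompProfile` field in pkg/config/config.go drops the old key with no alias or deprecation path, so an existing config that still sets `default_seccomp_profile` is — if the TOML decoder ignores unknown keys, as it appears to — silently read as empty, and every container whose requested seccomp profile is unset falls back to what the new comment documents as `unconfined`. Because this value is security-relevant, consider keeping the old key readable for a transition (for example a deprecated `DefaultSeccompProfile` field copied into `UnsetSeccompProfile` at load time with a warning), or at least warning when the stale key is present. The same rename is applied in pkg/server/container_create_unix.go, where generateSeccompSpecOpts's body continues outside the hunk, so the behaviour when both the request and the config value are empty cannot be confirmed from here. The new doc comment also has a stray capital in `will use If the provided`; suggest `// UnsetSeccompProfile is the seccomp profile containerd/cri applies when the container's requested profile is unset (""); the documented default is unconfined.`, and note the matching comment in docs/config.md calls the key `unsetSeccompProfile` rather than `unset_seccomp_profile`.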
diff --git a/pkg/server/container_create_unix_test.go b/pkg/server/container_create_unix_test.go
index a4f4856ef..b27bb38e2 100644
--- a/pkg/server/container_create_unix_test.go
+++ b/pkg/server/container_create_unix_test.go
@@ -837,7 +837,7 @@ func TestGenerateSeccompSpecOpts(t *testing.T) {
 } {
 t.Run(fmt.Sprintf("TestCase %q", desc), func(t *testing.T) {
 cri := &criService{}
- cri.config.DefaultSeccompProfile = test.defaultProfile
+ cri.config.UnsetSeccompProfile = test.defaultProfile
 specOpts, err := cri.generateSeccompSpecOpts(test.profile, test.privileged, !test.disable)
 assert.Equal(t, reflect.ValueOf(test.specOpts).Pointer(),
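Review bot: The test-case field is still called `test.defaultProfile` while the config field it is assigned to is now `UnsetSeccompProfile`, so the table no longer reads consistently with the renamed option; rename it to `unsetProfile` in the table literal (which starts outside the hunk) and here: `cri.config.UnsetSeccompProfile = test.unsetProfile`. If the table does not already cover it, a case with both `profile` and the config value empty would pin the fallback that the config comment documents as unconfined, since that is the path most affected by the key rename.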