diff --git a/gke-custom-org-policy/samples/README.md b/gke-custom-org-policy/samples/README.md
index 676856e8..e357aa1c 100644
--- a/gke-custom-org-policy/samples/README.md
+++ b/gke-custom-org-policy/samples/README.md
@@ -31,7 +31,9 @@ gcloud org-policies set-policy gke_custom_org_policy.yaml
 
 The following samples pertain to [GKE Control Plane Authority](https://cloud.google.com/kubernetes-engine/docs/concepts/about-control-plane-authority). Note: This is a general availability feature or capability that's only available to use on request. To use this feature, contact your Google Cloud account team.
 
-* [control_plane_user_managed_keys.yaml](control-plane-authority/control_plane_user_managed_keys.yaml)
+* [control_plane_user_managed_keys_must_start_with_project_id.yaml](control-plane-authority/control_plane_user_managed_keys_must_start_with_project_id.yaml)
+* [control_plane_user_managed_keys_must_exist.yaml](control-plane-authority/control_plane_user_managed_keys_must_exist.yaml)
 * [control_plane_ssh_logs.yaml](control-plane-authority/control_plane_ssh_logs.yaml)
 * [control_plane_network_connection.yaml](control-plane-authority/samples/control_plane_network_connection.yaml)
 
+Note that constraint defined in file [control_plane_user_managed_keys_must_exist.yaml](control-plane-authority/control_plane_user_managed_keys_must_exist.yaml) only requires user managed CAs and keys exist, but constriant defined in file [control_plane_user_managed_keys_must_start_with_project_id.yaml](control-plane-authority/control_plane_user_managed_keys_must_start_with_project_id.yaml) also requires those CAs and keys to be housed in specific project.
\ No newline at end of file