diff --git a/tetrate/enforce-gateway-nomenclature/enforce-gateway-nomenclature.yaml b/tetrate/enforce-gateway-nomenclature/enforce-gateway-nomenclature.yaml
new file mode 100644
index 00000000..014bec17
--- /dev/null
+++ b/tetrate/enforce-gateway-nomenclature/enforce-gateway-nomenclature.yaml
@@ -0,0 +1,27 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: enforce-gateway-nomenclature
+  annotations:
+    policies.kyverno.io/title: Enforce Gateway Nomenclature
+    policies.kyverno.io/category: Istio Best Practices
+    policies.kyverno.io/severity: medium
+    policies.kyverno.io/subject: VirtualService
+    policies.kyverno.io/description: >-
+      The preferred Istio nomenclature for referencing gateways is [gateway namespace]/[gateway name],
+      which provides clarity and avoids conflicts when gateways with the same name exist in different namespaces.
+spec:
+  validationFailureAction: Enforce
+  rules:
+    - name: enforce-gateway-format
+      match:
+        any:
+          - resources:
+              kinds:
+                - VirtualService
+      validate:
+        message: "Gateways in VirtualService must follow the format: [namespace]/[gateway name]."
+        pattern:
+          spec:
+            gateways:
+              - "*/*"
\ No newline at end of file
diff --git a/tetrate/enforce-gateway-nomenclature/resource.yaml b/tetrate/enforce-gateway-nomenclature/resource.yaml
new file mode 100644
index 00000000..15c58cfa
--- /dev/null
+++ b/tetrate/enforce-gateway-nomenclature/resource.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: bad-virtual-service
+spec:
+  hosts:
+    - "my-app.example.com"
+  gateways:
+    - "my-gateway"
+---
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  name: good-virtual-service
+spec:
+  hosts:
+    - "my-app.example.com"
+  gateways:
+    - "example-namespace/my-gateway"
\ No newline at end of file
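Review bot: The pattern `gateways: - "*/*"` in enforce-gateway-nomenclature.yaml also rejects the reserved Istio value `mesh`, which is a valid single-token entry for sidecar-only routing, and — if Kyverno treats an unanchored pattern key as required, which should be confirmed for the version in use — every VirtualService that omits `spec.gateways`; with `validationFailureAction: Enforce` that would block ordinary mesh-internal routes rather than only ambiguous gateway references. Consider a conditional anchor so the check runs only when the field is present, `(gateways):`, and an `anyPattern` that admits `mesh` alongside `*/*`, so the rule keeps its intent of forcing explicit `namespace/name` references without refusing the default case. Whether a single-element pattern list is applied to every entry of the resource list is also worth confirming, since a multi-entry `gateways` list is the case the description is concerned with. The `message` could then state the exemption, e.g. `message: "Gateways in VirtualService must follow the format: [namespace]/[gateway name] (the reserved value 'mesh' is allowed)."`.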
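Review bot: The samples in resource.yaml cover only a bare gateway name and a namespaced one, so they do not show how the policy treats the two other shapes a VirtualService commonly has: `gateways: - mesh` and no `spec.gateways` at all. Adding one document for each would make the Enforce behaviour on the default case visible to whoever reviews the policy. Both new files also end with `\ No newline at end of file`; a trailing newline avoids noise in later diffs.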