diff --git a/migration_toolkit_for_containers/mtc-direct-migration-requirements.adoc b/migration_toolkit_for_containers/mtc-direct-migration-requirements.adoc
index 6acedfcb9162..807257fb00f0 100644
--- a/migration_toolkit_for_containers/mtc-direct-migration-requirements.adoc
+++ b/migration_toolkit_for_containers/mtc-direct-migration-requirements.adoc
@@ -48,7 +48,12 @@ include::modules/configuring-retries-for-rsync.adoc[leveloffset=+3]
 include::modules/ocp-running-rsync-root-or-non-root.adoc[leveloffset=+3]
-To learn more about Pod Security Admission and setting values for labels, see xref:../authentication/understanding-and-managing-pod-security-admission.adoc#security-context-constraints-psa-opting_understanding-and-managing-pod-security-admission[Controlling pod security admission synchronization].
+include::modules/security-context-constraints-psa-about.adoc[leveloffset=+4]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../authentication/understanding-and-managing-pod-security-admission.adoc#security-context-constraints-psa-opting_understanding-and-managing-pod-security-admission[Controlling pod security admission synchronization].
 include::modules/migration-rsync-migration-controller-root-non-root.adoc[leveloffset=+3]
diff --git a/modules/ocp-running-rsync-root-or-non-root.adoc b/modules/ocp-running-rsync-root-or-non-root.adoc
index 7220c99fc32e..94fe17eb1b7c 100644
--- a/modules/ocp-running-rsync-root-or-non-root.adoc
+++ b/modules/ocp-running-rsync-root-or-non-root.adoc
@@ -6,7 +6,7 @@ [id="ocp-running-rsync-root-or-non-root_{context}"]
 = Running Rsync as either root or non-root
-{OCP} environments have the `PodSecurityAdmission` controller enabled by default. This controller requires cluster administrators to enforce Pod Security Standards by means of namespace labels. All workloads in the cluster are expected to run one of the following Pod Security Standard levels: `Privileged`, `Baseline` or `Restricted`. Every cluster has its own default policy set.
+{OCP} environments have the `PodSecurityAdmission` controller enabled by default. This controller requires cluster administrators to enforce Pod Security Standards by means of namespace labels. All workloads in the cluster are expected to run one of the following Pod Security Standard levels: `privileged`, `baseline` or `restricted`. Every cluster has its own default policy set.
 To guarantee successful data transfer in all environments, {mtc-first} 1.7.5 introduced changes in Rsync pods, including running Rsync pods as non-root user by default. This ensures that data transfer is possible even for workloads that do not necessarily require higher privileges. This change was made because it is best to run workloads with the lowest level of privileges possible.
diff --git a/modules/security-context-constraints-psa-about.adoc b/modules/security-context-constraints-psa-about.adoc
index aa8c3b9aebce..21fda91433eb 100644
--- a/modules/security-context-constraints-psa-about.adoc
+++ b/modules/security-context-constraints-psa-about.adoc
@@ -71,3 +71,19 @@ The following system namespaces are always set to the `privileged` pod security
 * `kube-system`
 You cannot change the pod security profile for these privileged namespaces.
+
+.Example privileged namespace configuration
+
+[source,yaml]
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ openshift.io/cluster-monitoring: "true"
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/warn: privileged
+ name: ""
+# ...
+----