diff --git a/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster.go b/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster.go
index 569149c93581..b88c679fc9c6 100644
--- a/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster.go
+++ b/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster.go
@@ -1011,6 +1011,42 @@ func ResourceContainerCluster() *schema.Resource {
 },
 },
 
+ "autopilot_cluster_policy_config": {
+ Type: schema.TypeList,
+ Optional: true,
+ Computed: true,
+ MaxItems: 1,
+ Description: `Configuration for Autopilot cluster policy.`,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "no_standard_node_pools": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ Description: `Whether standard node pools are disabled.`,
+ },
+ "no_system_impersonation": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ Description: `Whether system impersonation is disabled.`,
+ },
+ "no_system_mutation": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ Description: `Whether system mutation is disabled.`,
+ },
+ "no_unsafe_webhooks": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Computed: true,
+ Description: `Whether unsafe webhooks are disabled.`,
+ },
+ },
+ },
+ },
+
 "authenticator_groups_config": {
 Type: schema.TypeList,
 Optional: true,
diff --git a/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster_cai2hcl.go b/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster_cai2hcl.go
index 8f5e52618096..4c9a0fd56499 100644
--- a/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster_cai2hcl.go
+++ b/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster_cai2hcl.go
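Review bot: The four `no_*` descriptions only restate the attribute names, which for hardening switches leaves a reader unable to tell what is restricted or when the block applies; `Description: `Configuration for Autopilot cluster policy.`` should at least say the block is only meaningful together with `enable_autopilot`, since the expand side places it inside the `Autopilot` struct next to `Enabled`. Each flag's description should also name the API field it maps to so the authoritative semantics can be looked up rather than inferred from the name, e.g. `Description: `Whether the Autopilot cluster policy disallows unsafe admission webhooks (API field autopilot.clusterPolicyConfig.noUnsafeWebhooks).``. The per-flag wording of "disabled" reads as a hardening restriction, but that is an inference from the names; the doc should state the actual effect or point at the GKE API reference. The enclosing `ResourceContainerCluster` schema starts and ends outside the hunk.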
@@ -76,6 +76,25 @@ func (c *ContainerClusterCai2hclConverter) convertResourceData(asset caiasset.As
 if workloadPolicyConfig, ok := autopilot["workloadPolicyConfig"].(map[string]interface{}); ok {
 hclData["allow_net_admin"] = workloadPolicyConfig["allowNetAdmin"]
 }
+
+ if clusterPolicyConfig, ok := autopilot["clusterPolicyConfig"].(map[string]interface{}); ok {
+ policyConfig := map[string]interface{}{}
+ if v, ok := clusterPolicyConfig["noStandardNodePools"]; ok {
+ policyConfig["no_standard_node_pools"] = v
+ }
+ if v, ok := clusterPolicyConfig["noSystemImpersonation"]; ok {
+ policyConfig["no_system_impersonation"] = v
+ }
+ if v, ok := clusterPolicyConfig["noSystemMutation"]; ok {
+ policyConfig["no_system_mutation"] = v
+ }
+ if v, ok := clusterPolicyConfig["noUnsafeWebhooks"]; ok {
+ policyConfig["no_unsafe_webhooks"] = v
+ }
+ if len(policyConfig) > 0 {
+ hclData["autopilot_cluster_policy_config"] = []map[string]interface{}{policyConfig}
+ }
+ }
 if privilegedAdmissionConfig, ok := autopilot["privilegedAdmissionConfig"].(map[string]interface{}); ok {
 hclData["autopilot_privileged_admission"] = privilegedAdmissionConfig["allowlistPaths"]
 }
diff --git a/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster_tfplan2cai.go b/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster_tfplan2cai.go
index 834a59d1949e..6d8cde764ae9 100644
--- a/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster_tfplan2cai.go
+++ b/mmv1/third_party/tgc_next/pkg/services/container/resource_container_cluster_tfplan2cai.go
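Review bot: The four copy-pasted `if v, ok := clusterPolicyConfig[...]` blocks differ only in the API/HCL key pair, which invites the two spellings drifting apart on a future edit; a single table of API-to-HCL names iterated once keeps the mapping in one place. Values are copied through as untyped `interface{}`, so a non-boolean in the asset would land in the generated HCL unnoticed — that matches how `allowNetAdmin` is handled on the context line above, so I would only tighten it with a checked `v.(bool)` if the converter validates types elsewhere. Go map iteration is unordered, but each iteration writes a distinct key of `policyConfig`, so the result is identical to the current code. The enclosing `convertResourceData` starts and ends outside the hunk.
```go
if clusterPolicyConfig, ok := autopilot["clusterPolicyConfig"].(map[string]interface{}); ok {
	policyConfig := map[string]interface{}{}
	// API field name -> HCL attribute name; one place to keep the two in sync.
	for apiKey, hclKey := range map[string]string{
		"noStandardNodePools":   "no_standard_node_pools",
		"noSystemImpersonation": "no_system_impersonation",
		"noSystemMutation":      "no_system_mutation",
		"noUnsafeWebhooks":      "no_unsafe_webhooks",
	} {
		if v, ok := clusterPolicyConfig[apiKey]; ok {
			policyConfig[hclKey] = v
		}
	}
	// … unchanged: emit the block only when at least one flag was present …
}
```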
@@ -83,6 +83,20 @@ func expandContainerCluster(project string, d tpgresource.TerraformResourceData,
 }
 }
 
+ var autopilotClusterPolicyConfig *container.ClusterPolicyConfig
+ if v, ok := d.GetOk("autopilot_cluster_policy_config"); ok {
+ l := v.([]interface{})
+ if len(l) > 0 && l[0] != nil {
+ pc := l[0].(map[string]interface{})
+ autopilotClusterPolicyConfig = &container.ClusterPolicyConfig{
+ NoSystemMutation: pc["no_system_mutation"].(bool),
+ NoSystemImpersonation: pc["no_system_impersonation"].(bool),
+ NoUnsafeWebhooks: pc["no_unsafe_webhooks"].(bool),
+ NoStandardNodePools: pc["no_standard_node_pools"].(bool),
+ }
+ }
+ }
+
 cluster := &container.Cluster{
 Name: clusterName,
 Location: location,
@@ -111,6 +125,7 @@ func expandContainerCluster(project string, d tpgresource.TerraformResourceData,
 Enabled: d.Get("enable_autopilot").(bool),
 WorkloadPolicyConfig: workloadPolicyConfig,
 PrivilegedAdmissionConfig: expandPrivilegedAdmissionConfig(d.Get("autopilot_privileged_admission")),
+ ClusterPolicyConfig: autopilotClusterPolicyConfig,
 ForceSendFields: []string{"Enabled"},
 },
 ReleaseChannel: expandReleaseChannel(d.Get("release_channel")),
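Review bot: The `container.ClusterPolicyConfig` literal is built from plain bools with no `ForceSendFields`, so a flag the user explicitly sets to `false` presumably serializes as absent (the generated API structs carry `omitempty`), and anything that inspects the converted asset cannot distinguish "explicitly disabled" from "not configured" — the enclosing `Autopilot` literal already solves the same problem with `ForceSendFields: []string{"Enabled"}` in the second hunk. Add `ForceSendFields: []string{"NoSystemMutation", "NoSystemImpersonation", "NoUnsafeWebhooks", "NoStandardNodePools"},` to the `ClusterPolicyConfig` literal so all four hardening flags are emitted whenever the block is present, matching the policy-validation intent of a converter. The four unchecked `.(bool)` assertions on `pc[...]` will panic rather than return an error if the plan carries a null for an unset nested attribute; `d.Get("enable_autopilot").(bool)` below follows the same pattern, so this is presumably the accepted convention here, but a checked form such as `v, _ := pc["no_system_mutation"].(bool)` would be cheap insurance. The enclosing `expandContainerCluster` starts before the first hunk and continues past the second.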