diff --git a/.secrets.baseline b/.secrets.baseline
index f382939..a0af50e 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2025-10-31T06:30:11Z",
+  "generated_at": "2025-11-11T07:59:39Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
diff --git a/cra-config.yaml b/cra-config.yaml
index ddeeb69..3a4ee6e 100644
--- a/cra-config.yaml
+++ b/cra-config.yaml
@@ -5,5 +5,5 @@ CRA_TARGETS:
     CRA_IGNORE_RULES_FILE: "cra-tf-validate-ignore-rules.json" # CRA Ignore file to use. If not provided, it checks the repo root directory for `cra-tf-validate-ignore-rules.json`
     PROFILE_ID: "fe96bd4d-9b37-40f2-b39f-a62760e326a3"         # SCC profile ID (currently set to 'IBM Cloud Framework for Financial Services' '1.7.0' profile).
     CRA_ENVIRONMENT_VARIABLES:
-      TF_VAR_prefix: "access-management"
+      TF_VAR_prefix: "access-mgmt"
       TF_VAR_provider_visibility: "public"
diff --git a/ibm_catalog.json b/ibm_catalog.json
index 208edb1..ce0a1ba 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -74,7 +74,19 @@
               ]
             },
             {
-              "key": "prefix"
+              "key": "prefix",
+              "required": true,
+              "default_value": "dev",
+              "random_string": {
+                "length": 4
+              },
+              "value_constraints": [
+                {
+                  "type": "regex",
+                  "description": "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). It should not exceed 16 characters.",
+                  "value": "^$|^__NULL__$|^[a-z](?!.*--)(?:[a-z0-9-]{0,14}[a-z0-9])?$"
+                }
+              ]
             },
             {
               "key": "admin_compute_ag_name"
diff --git a/solutions/standard/variables.tf b/solutions/standard/variables.tf
index 21ae304..5bf9481 100644
--- a/solutions/standard/variables.tf
+++ b/solutions/standard/variables.tf
@@ -17,8 +17,29 @@ variable "provider_visibility" {
 
 variable "prefix" {
   type        = string
-  description = "A string to add to all access group names"
-  default     = null
+  nullable    = true
+  description = "The prefix to add to all resources that this solution creates (e.g `prod`, `test`, `dev`). To skip using a prefix, set this value to null or an empty string. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
+
+  validation {
+    # - null and empty string is allowed
+    # - Must not contain consecutive hyphens (--): length(regexall("--", var.prefix)) == 0
+    # - Starts with a lowercase letter: [a-z]
+    # - Contains only lowercase letters (a–z), digits (0–9), and hyphens (-)
+    # - Must not end with a hyphen (-): [a-z0-9]
+    condition = (var.prefix == null || var.prefix == "" ? true :
+      alltrue([
+        can(regex("^[a-z][-a-z0-9]*[a-z0-9]$", var.prefix)),
+        length(regexall("--", var.prefix)) == 0
+      ])
+    )
+    error_message = "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--')."
+  }
+
+  validation {
+    # must not exceed 16 characters in length
+    condition     = var.prefix == null || var.prefix == "" ? true : length(var.prefix) <= 16
+    error_message = "Prefix must not exceed 16 characters."
+  }
 }
 
 variable "admin_observability_ag_name" {