diff --git a/docs/security/hardening-guide.md b/docs/security/hardening-guide.md
index 5208d2e63..9c28f23a5 100644
--- a/docs/security/hardening-guide.md
+++ b/docs/security/hardening-guide.md
@@ -380,7 +380,7 @@ spec:
     - from:
       - namespaceSelector:
           matchLabels:
-            name: kube-system
+            kubernetes.io/metadata.name: kube-system
 ```
 
 With the applied restrictions, DNS will be blocked unless purposely allowed. Below is a network policy that will allow for traffic to exist for DNS.