diff --git a/service/policy/kasregistry/key_access_server_registry.proto b/service/policy/kasregistry/key_access_server_registry.proto
index e3a0e4323..0c5cfd270 100644
--- a/service/policy/kasregistry/key_access_server_registry.proto
+++ b/service/policy/kasregistry/key_access_server_registry.proto
@@ -4,6 +4,7 @@ package policy.kasregistry;
 import "buf/validate/validate.proto";
 import "common/common.proto";
+import "policy/validator.proto";
 import "google/api/annotations.proto";
 import "policy/objects.proto";
@@ -82,7 +83,7 @@ message ListKeyAccessServerGrantsRequest {
 // Optional
 // Filter LIST by either ID or URI of a registered Key Access Server.
 // If neither is provided, grants from all registered KASs to policy attribute objects are returned.
- string kas_id = 1; // TOOD: test ignore_empty and other options for validating UUID only when not empty
+ OptionalUUID kas_id = 1;
 string kas_uri = 2; // TODO: uri format
 }
diff --git a/service/policy/resourcemapping/resource_mapping.proto b/service/policy/resourcemapping/resource_mapping.proto
index f2b424c2f..7bd323caf 100644
--- a/service/policy/resourcemapping/resource_mapping.proto
+++ b/service/policy/resourcemapping/resource_mapping.proto
@@ -7,6 +7,7 @@ import "google/api/annotations.proto";
 import "common/common.proto";
 import "policy/objects.proto";
+import "policy/validator.proto";
 /* Resource Mapping Groups
@@ -14,7 +15,7 @@ import "policy/objects.proto";
 message ListResourceMappingGroupsRequest {
 // Optional
- string namespace_id = 1; // TODO: validate UUID only if provided
+ OptionalUUID namespace_id = 1;
 }
 message ListResourceMappingGroupsResponse {
@@ -58,7 +59,7 @@ message UpdateResourceMappingGroupRequest {
 ];
 // Optional
- string namespace_id = 2; // TODO: validate UUID only when provided
+ OptionalUUID namespace_id = 2;
 string name = 3;
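Review bot: Changing `kas_id` in `ListKeyAccessServerGrantsRequest` (the message opens above the hunk) from `string` to the message type `OptionalUUID` while keeping field number 1 breaks callers built against the old schema: both encodings are length-delimited, so their UUID bytes are decoded as an embedded message, and the JSON form moves from a bare string to an object with a `value` key. The likely outcome is a decode error, but if such a payload did parse with `value` empty the filter would be dropped and, per the comment above the field, grants for all registered KASs would be returned, so it is worth confirming the handler fails closed rather than widening the result. The same applies to the `namespace_id`, `group_id` and `attribute_value_id` changes in resource_mapping.proto and to the two condition-set id fields in subject_mapping.proto. Unless the break is intended, the same validation can stay on the string field: `string kas_id = 1 [(buf.validate.field).ignore_empty = true, (buf.validate.field).string.uuid = true];`.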
@@ -89,7 +90,7 @@ message DeleteResourceMappingGroupResponse {
 message ListResourceMappingsRequest {
 // Optional
- string group_id = 1; // TODO: validate UUID only when provided
+ OptionalUUID group_id = 1;
 }
 message ListResourceMappingsResponse {
@@ -145,7 +146,7 @@ message CreateResourceMappingRequest {
 repeated string terms = 2 [(buf.validate.field).required = true]; // TODO: validate list min/max and term min/max
 // Optional
- string group_id = 3; // TODO: validate UUID only when provided
+ OptionalUUID group_id = 3;
 common.MetadataMutable metadata = 100;
 }
@@ -161,11 +162,11 @@ message UpdateResourceMappingRequest {
 ];
 // Optional
- string attribute_value_id = 4; // TODO: validate UUID only when provided
+ OptionalUUID attribute_value_id = 4;
 repeated string terms = 5; // TODO: validate list min/max and term min/max
- string group_id = 6; // TODO: validate UUID only when provided
+ OptionalUUID group_id = 6;
 // Common Metadata
 common.MetadataMutable metadata = 100;
diff --git a/service/policy/subjectmapping/subject_mapping.proto b/service/policy/subjectmapping/subject_mapping.proto
index 9d777d3bb..5f1c230f8 100644
--- a/service/policy/subjectmapping/subject_mapping.proto
+++ b/service/policy/subjectmapping/subject_mapping.proto
@@ -7,6 +7,7 @@ import "google/api/annotations.proto";
 import "common/common.proto";
 import "policy/objects.proto";
+import "policy/validator.proto";
 // MatchSubjectMappingsRequest liberally returns a list of SubjectMappings based on the provided SubjectProperties. The SubjectMappings are returned
 // if there is any single condition found among the structures that matches for one of the provided properties:
@@ -58,7 +59,7 @@ message CreateSubjectMappingRequest{
 // Either of the following:
 // Reuse existing SubjectConditionSet (NOTE: prioritized over new_subject_condition_set)
- string existing_subject_condition_set_id = 3; // TODO: validate UUID only when provided
+ OptionalUUID existing_subject_condition_set_id = 3;
 // Create new SubjectConditionSet (NOTE: ignored if existing_subject_condition_set_id is provided)
 SubjectConditionSetCreate new_subject_condition_set = 4;
@@ -78,7 +79,7 @@ message UpdateSubjectMappingRequest {
 // Optional
 // Replaces the existing SubjectConditionSet id with a new one
- string subject_condition_set_id = 2; // TODO: validate UUID only when provided
+ OptionalUUID subject_condition_set_id = 2;
 // Replaces entire list of actions permitted by subjects
 repeated policy.Action actions = 3;
diff --git a/service/policy/validator.proto b/service/policy/validator.proto
new file mode 100644
index 000000000..05a9a449d
--- /dev/null
+++ b/service/policy/validator.proto
@@ -0,0 +1,19 @@
+syntax = "proto3";
+
+package policy;
+
+import "buf/validate/validate.proto";
+
+message OptionalUUID {
+ string value = 1 [
+ (buf.validate.field).ignore_empty = true,
+ (buf.validate.field).string.uuid = true
+ ];
+}
+
+message RequiredUUID {
+ string value = 1 [
+ (buf.validate.field).required = true,
+ (buf.validate.field).string.uuid = true
+ ];
+}
\ No newline at end of file
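Review bot: In the new validator.proto, `RequiredUUID` puts `(buf.validate.field).required = true` on the inner `value`, so the rule is only evaluated once the wrapper itself is present; as far as I know protovalidate skips an unset message field, which would let a request that omits the wrapper pass with no id at all. No message in this diff uses `RequiredUUID` yet, so this matters at its first use: the enclosing field needs its own `[(buf.validate.field).required = true]`. I would record that on the type, e.g. `// The enclosing field must also set (buf.validate.field).required = true; an unset RequiredUUID is not validated.`, and add a one-line comment on `OptionalUUID` stating that an empty `value` is treated as not provided.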