diff --git a/README.md b/README.md
index ea3ead5..048c85f 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Configure RHEL 9 machine to be [CIS](https://www.cisecurity.org/cis-benchmarks/) compliant with RHEL8 settings (RHEL9 not yet released) Based on v2.0.0 RHEL8
-Based on [CIS RedHat Enterprise Linux 8 Benchmark v1.0.1 - 05-19-2021 ](https://www.cisecurity.org/cis-benchmarks/)
+Based on [CIS RedHat Enterprise Linux 8 Benchmark v2.0.0. - 02-23-2022 ](https://www.cisecurity.org/cis-benchmarks/)
 ## Join us
diff --git a/defaults/main.yml b/defaults/main.yml
index b93995b..68ea1dd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -17,6 +17,10 @@ rhel9cis_section4: true
 rhel9cis_section5: true
 rhel9cis_section6: true
+# This is used for audit purposes to run only specifc level use the tags
+# e.g.
+# - level1-server
+# - level2-workstation
 rhel9cis_level_1: true
 rhel9cis_level_2: true
diff --git a/tasks/section_1/cis_1.1.3.x.yml b/tasks/section_1/cis_1.1.3.x.yml
index c7fb986..8fa9e4b 100644
--- a/tasks/section_1/cis_1.1.3.x.yml
+++ b/tasks/section_1/cis_1.1.3.x.yml
@@ -38,7 +38,7 @@
 src: "{{ item.device }}"
 fstype: "{{ item.fstype }}"
 state: present
- opts: defaults,{% if rhel9cis_rule_1_1_3_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_3_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_3_4 %}nosuid{% endif %}
+ opts: defaults,{% if rhel9cis_rule_1_1_3_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_3_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_3_4 %}nosuid{% endif %}
 with_items:
 - "{{ ansible_mounts }}"
 loop_control:
diff --git a/tasks/section_1/cis_1.1.4.x.yml b/tasks/section_1/cis_1.1.4.x.yml
index dbeab96..7ea3627 100644
--- a/tasks/section_1/cis_1.1.4.x.yml
+++ b/tasks/section_1/cis_1.1.4.x.yml
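Review bot: The comment added above `rhel9cis_level_1` in defaults/main.yml reads awkwardly and misspells "specific", so what it appears to mean (the level flags are for audit, and a single level is selected at run time via tags) is hard to follow. Suggest `# Used for audit purposes. To run only a specific level, use the tags, e.g.:` followed by the two existing example lines.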
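Review bot: The reordered opts line in cis_1.1.3.x.yml still renders with a dangling comma whenever the last enabled rule is not the final one in the template — with `rhel9cis_rule_1_1_3_4` false it yields `defaults,nodev,noexec,` — and the same shape is kept in the 1.1.4.x, 1.1.5.x and 1.1.8.x hunks. libmount appears to tolerate an empty option, but the result is an untidy fstab entry and can trip tooling that compares the option string verbatim. Building the list and joining it avoids the comma bookkeeping altogether, e.g. `opts: "{{ (['defaults'] + (['nodev'] if rhel9cis_rule_1_1_3_2 else []) + (['noexec'] if rhel9cis_rule_1_1_3_3 else []) + (['nosuid'] if rhel9cis_rule_1_1_3_4 else [])) | join(',') }}"`.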
@@ -39,7 +39,7 @@
 src: "{{ item.device }}"
 fstype: "{{ item.fstype }}"
 state: present
- opts: defaults,{% if rhel9cis_rule_1_1_4_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_4_4 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_4_3 %}nosuid{% endif %}
+ opts: defaults,{% if rhel9cis_rule_1_1_4_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_4_3 %}nosuid,{% endif %}{% if rhel9cis_rule_1_1_4_3 %}noexec{% endif %}
 with_items:
 - "{{ ansible_mounts }}"
 loop_control:
diff --git a/tasks/section_1/cis_1.1.5.x.yml b/tasks/section_1/cis_1.1.5.x.yml
index f286fcc..c9343c4 100644
--- a/tasks/section_1/cis_1.1.5.x.yml
+++ b/tasks/section_1/cis_1.1.5.x.yml
@@ -37,7 +37,7 @@
 src: "{{ item.device }}"
 fstype: "{{ item.fstype }}"
 state: present
- opts: defaults,{% if rhel9cis_rule_1_1_5_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_5_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_5_4 %}nosuid{% endif %}
+ opts: defaults,{% if rhel9cis_rule_1_1_5_2 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_5_3 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_5_4 %}nosuid{% endif %}
 with_items:
 - "{{ ansible_mounts }}"
 loop_control:
diff --git a/tasks/section_1/cis_1.1.8.x.yml b/tasks/section_1/cis_1.1.8.x.yml
index a61a6af..75bdabb 100644
--- a/tasks/section_1/cis_1.1.8.x.yml
+++ b/tasks/section_1/cis_1.1.8.x.yml
@@ -25,7 +25,7 @@
 src: tmpfs
 fstype: tmpfs
 state: mounted
- opts: defaults,{% if rhel9cis_rule_1_1_8_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_8_1 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_8_3 %}nosuid{% endif %}
+ opts: defaults,{% if rhel9cis_rule_1_1_8_1 %}nodev,{% endif %}{% if rhel9cis_rule_1_1_8_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_8_3 %}nosuid{% endif %}
 when: "'dev/shm' in rhel9cis_1_1_8_x_dev_shm_status.stdout"
 notify: change_requires_reboot
 when:
diff --git a/tasks/section_1/cis_1.2.x.yml b/tasks/section_1/cis_1.2.x.yml
index 19ef3d0..9ddfc98 100644
--- a/tasks/section_1/cis_1.2.x.yml
+++ b/tasks/section_1/cis_1.2.x.yml
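Review bot: The new opts line in cis_1.1.4.x.yml drops the nodev option entirely: it tests `rhel9cis_rule_1_1_4_3` twice (once for nosuid, once for noexec) and no longer references `rhel9cis_rule_1_1_4_4`, which the removed line mapped to nodev, so enabling rule 1.1.4.4 now has no effect on the mount and a host with 1.1.4.3 enabled gets noexec written twice. The 1.1.3.x, 1.1.5.x and 1.1.8.x hunks in this commit keep all three of their rules, so this looks like a copy slip rather than intent. Suggest `opts: defaults,{% if rhel9cis_rule_1_1_4_2 %}noexec,{% endif %}{% if rhel9cis_rule_1_1_4_3 %}nosuid,{% endif %}{% if rhel9cis_rule_1_1_4_4 %}nodev{% endif %}`. A check that each rule variable appears exactly once per opts template would catch this class of error before it reaches an audited host.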
@@ -44,7 +44,7 @@
 - name: "1.2.3 | PATCH | Ensure gpgcheck is globally activated | Update yum.repos"
 replace:
 name: "{{ item.path }}"
- regexp: "^gpgcheck=0"
+ regexp: "^gpgcheck\s*=\s*0"
 replace: "gpgcheck=1"
 with_items:
 - "{{ yum_repos.files }}"
diff --git a/tasks/section_1/cis_1.5.x.yml b/tasks/section_1/cis_1.5.x.yml
index a969def..f9f4c31 100644
--- a/tasks/section_1/cis_1.5.x.yml
+++ b/tasks/section_1/cis_1.5.x.yml
@@ -3,7 +3,7 @@
 - name: "1.5.1 | PATCH | Ensure core dump storage is disabled"
 lineinfile:
 path: /etc/systemd/coredump.conf
- regexp: 'Storage='
+ regexp: '^Storage\s*=\s*(?!none).*'
 line: 'Storage=none'
 notify: systemd_daemon_reload
 when:
@@ -19,7 +19,7 @@
 - name: "1.5.2 | PATCH | Ensure core dump backtraces are disabled"
 lineinfile:
 path: /etc/systemd/coredump.conf
- regexp: 'ProcessSizeMax='
+ regexp: '^ProcessSizeMax\s*=\s*.*[1-9]$'
 line: 'ProcessSizeMax=0'
 when:
 - rhel9cis_rule_1_5_2
@@ -33,7 +33,7 @@
 - name: "1.5.3 | PATCH | Ensure address space layout randomization (ASLR) is enabled"
 debug:
- msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/99-sysctl.conf"
+ msg: "Control being set via Handler 'update sysctl' which writes to /etc/sysctl.d/60-kernel_sysctl.conf"
 notify:
 - update sysctl
 when:
diff --git a/tasks/section_1/cis_1.6.1.x.yml b/tasks/section_1/cis_1.6.1.x.yml
index b31600a..93e2eae 100644
--- a/tasks/section_1/cis_1.6.1.x.yml
+++ b/tasks/section_1/cis_1.6.1.x.yml
@@ -16,7 +16,7 @@
 - name: "1.6.1.2 | PATCH | Ensure SELinux is not disabled in bootloader configuration"
 replace:
 dest: /etc/default/grub
- regexp: '(selinux|enforcing)\s*=\s*0\s*'
+ regexp: '(selinux|enforcing)\s*=(\s0|0).*'
 replace: ''
 register: selinux_grub_patch
 ignore_errors: yes
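Review bot: The new regexp in cis_1.2.x.yml is a double-quoted YAML scalar containing `\s`, which is not a valid escape in YAML double quotes; PyYAML and libyaml reject it as an unknown escape character, so the whole task file fails to parse and the gpgcheck control is never applied. The 1.5.x and 1.6.1.x hunks in this same commit use single quotes for their regexps, which pass backslashes through literally. Change it to `regexp: '^gpgcheck\s*=\s*0'` (or double every backslash if double quotes are kept).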
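Review bot: The negative lookahead in the new Storage regexp in cis_1.5.x.yml, `(?!none)`, makes lineinfile skip an already-compliant `Storage=none` line, and because a non-matching regexp makes lineinfile append `line` at end of file, re-running on a compliant host may add a duplicate instead of reporting ok; lineinfile already reports no change when the replacement is identical, so the lookahead buys nothing. The ProcessSizeMax hunk below has the mirror problem: `.*[1-9]$` does not match values such as `10`, `100` or `2G`, so those stay in place and `ProcessSizeMax=0` is appended after them. Suggest `regexp: '^Storage\s*='` and `regexp: '^ProcessSizeMax\s*='`, which match any live assignment and let lineinfile replace it in place.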
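Review bot: The trailing `.*` in the new grub regexp in cis_1.6.1.x.yml is greedy and, together with `replace: ''`, deletes everything from `selinux=0` or `enforcing=0` to the end of the line — on a typical `GRUB_CMDLINE_LINUX="... selinux=0 rhgb quiet"` entry that strips the remaining kernel parameters and the closing double quote, leaving an unbalanced /etc/default/grub that the next grub2-mkconfig may choke on. The `(\s0|0)` alternation adds nothing over `\s*0`. Suggest `regexp: '\b(selinux|enforcing)\s*=\s*0\b\s*'`, which removes only the offending parameter and the whitespace after it. Since `register: selinux_grub_patch` is kept, it may also be worth a follow-up assertion that the resulting line still contains a balanced pair of quotes.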