diff --git a/Changelog.md b/Changelog.md
index ef5157b..34b805a 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,9 @@
 # Changes to rhel9CIS
+## 1.0.8
+
+rule_1.10 improvements allowing for module checking (useful for AD)
+
 ## 1.0.7
 lint and yaml updates
@@ -8,7 +12,7 @@ improvements to 6.1.10, 6.1.11, 6.1.13, 6.1.14
 ## 1.0.6
-updated ymlalint as galaxy doenst honouyr local settings
+updated yamllint as galaxy doesn't honour local settings
 removed empty lines in files
 ## 1.0.5
diff --git a/defaults/main.yml b/defaults/main.yml
index ee4f51b..9d3c003 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -380,9 +380,11 @@ rhel9cis_dconf_db_name: local
 rhel9cis_screensaver_idle_delay: 900 # Set max value for idle-delay in seconds (between 1 and 900)
 rhel9cis_screensaver_lock_delay: 5 # Set max value for lock-delay in seconds (between 0 and 5)
-# 1.10 Set crypto policy DEFAULT
-# Control 1.10 states not to use LEGACY
-rhel9cis_crypto_policy: "DEFAULT"
+# 1.10/1.11 Set crypto policy (LEGACY, DEFAULT, FUTURE, FIPS)
+# Control 1.10 states do not use LEGACY and control 1.11 says to use FUTURE or FIPS.
+rhel9cis_crypto_policy: 'DEFAULT'
+# Added module to be allowed as default setting (Allowed options in vars/main.yml)
+rhel9cis_crypto_policy_module: ''
 # System network parameters (host only OR host and router)
 rhel9cis_is_router: false
diff --git a/tasks/main.yml b/tasks/main.yml
index 2bb0f3f..f30753b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
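Review bot: The comment on `rhel9cis_crypto_policy_module: ''` says where the allowed options live but not how the value is applied, which is what a reader choosing one needs: it is appended to the base policy as `POLICY:MODULE` and handed to `update-crypto-policies --set`, and a non-empty value is only validated against the allowed list when rule 1.10 is enabled. Suggest `# Optional sub-policy appended to rhel9cis_crypto_policy as POLICY:MODULE (e.g. DEFAULT:AD-SUPPORT); must be one of rhel9cis_allowed_crypto_policies_modules in vars/main.yml, checked only when rhel9cis_rule_1_10 is true`. The comment on `rhel9cis_crypto_policy` lists LEGACY among the choices in the same breath as saying 1.10 forbids it; if the allowed list in vars/main.yml still accepts LEGACY (its head is outside this diff), say that it is accepted but non-compliant, otherwise drop it from the parenthesised list.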
@@ -20,20 +20,20 @@
 tags:
 - always
-- name: "Check password set for {{ ansible_user }}"
+- name: "Check password set for {{ ansible_env.SUDO_USER }}"
 block:
- - name: Capture current password state of "{{ ansible_user }}"
- ansible.builtin.shell: "grep {{ ansible_user }} /etc/shadow | awk -F: '{print $2}'"
+ - name: "Check password set for {{ ansible_env.SUDO_USER }} | password state"
+ ansible.builtin.shell: "grep {{ ansible_env.SUDO_USER }} /etc/shadow | awk -F: '{print $2}'"
 changed_when: false
 failed_when: false
 check_mode: false
- register: ansible_user_password_set
+ register: rhel9cis_ansible_user_password_set
- - name: "Assert that password set for {{ ansible_user }} and account not locked"
+ - name: "Check password set for {{ ansible_env.SUDO_USER }} | Assert password set and not locked"
 ansible.builtin.assert:
- that: ansible_user_password_set.stdout | length != 0 and ansible_user_password_set.stdout != "!!"
- fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_user }} has no password set - It can break access"
- success_msg: "You a password set for the {{ ansible_user }}"
+ that: ansible_user_password_set.stdout | length != 0 and rhel9cis_ansible_user_password_set.stdout != "!!"
+ fail_msg: "You have {{ sudo_password_rule }} enabled but the user = {{ ansible_env.SUDO_USER }} has no password set - It can break access"
+ success_msg: "You have a password set for the {{ ansible_env.SUDO_USER }} user"
 vars:
 sudo_password_rule: rhel9cis_rule_5_3_4
 when:
@@ -41,6 +41,7 @@
 - not system_is_ec2
 tags:
 - user_passwd
+ - rule_5.3.4
 - name: "Ensure root password is set"
 block:
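Review bot: The new `that:` line still reads `ansible_user_password_set.stdout` in its first clause while the register two tasks above was renamed to `rhel9cis_ansible_user_password_set`, so the assertion now aborts with an undefined-variable error instead of checking the password; change it to `that: rhel9cis_ansible_user_password_set.stdout | length != 0 and rhel9cis_ansible_user_password_set.stdout != "!!"`. `ansible_env.SUDO_USER` is only present in the gathered environment when fact gathering ran under sudo, so a run as root or with a non-sudo become method leaves every `{{ ansible_env.SUDO_USER }}` in this block undefined; a `| default(ansible_user)` fallback, or an `ansible_env.SUDO_USER is defined` entry in the `when:` list, keeps the check usable there. The unanchored `grep {{ ansible_env.SUDO_USER }} /etc/shadow` also matches any account whose name merely contains the user's name (e.g. `bob` against `bobby`), so the assertion can pass or fail on the wrong record; `grep '^{{ ansible_env.SUDO_USER }}:' /etc/shadow` pins it to the account field. The block's `when:` list continues in the next hunk.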
@@ -92,6 +93,17 @@
 fail_msg: "Crypto policy is not a permitted version"
 success_msg: "Crypto policy is a permitted version"
+- name: Check crypto-policy module input
+ ansible.builtin.assert:
+ that: rhel9cis_crypto_policy_module in rhel9cis_allowed_crypto_policies_modules
+ fail_msg: "Crypto policy module is not a permitted version"
+ success_msg: "Crypto policy module is a permitted version"
+ when:
+ - rhel9cis_rule_1_10
+ - rhel9cis_crypto_policy_module | length > 0
+ tags:
+ - rule_1.10
+
 - name: Check rhel9cis_bootloader_password_hash variable has been changed
 ansible.builtin.assert:
 that: rhel9cis_bootloader_password_hash.find('grub.pbkdf2.sha512') != -1 and rhel9cis_bootloader_password_hash != 'grub.pbkdf2.sha512.changethispassword'
diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index f555337..65d4be4 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -54,7 +54,7 @@
 - name: "PRELIM | Setup crypto-policy"
 block:
- - name: "PRELIM | Install crypto-policies"
+ - name: "PRELIM | Install crypto-policies | pkgs present"
 ansible.builtin.package:
 name:
 - crypto-policies
@@ -62,10 +62,19 @@
 state: present
 - name: "PRELIM | Gather system-wide crypto-policy"
- ansible.builtin.shell: update-crypto-policies --show
+ ansible.builtin.shell: 'update-crypto-policies --show'
 changed_when: false
 check_mode: false
- register: system_wide_crypto_policy
+ register: rhel9cis_system_wide_crypto_policy
+
+ - name: "PRELIM | Gather system-wide crypto-policy | set fact system policy"
+ ansible.builtin.set_fact:
+ current_crypto_policy: "{{ rhel9cis_system_wide_crypto_policy.stdout.split(':')[0] }}"
+
+ - name: "PRELIM | Gather system-wide crypto-policy module | set fact system policy submodule"
+ ansible.builtin.set_fact:
+ current_crypto_module: "{{ rhel9cis_system_wide_crypto_policy.stdout.split(':')[1] }}"
+ when: "':' in rhel9cis_system_wide_crypto_policy.stdout"
 when:
 - rhel9cis_rule_1_10
 tags:
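Review bot: The new assert's messages say "permitted version" although the value being checked is a sub-policy module, so a failure reads as if the base policy were wrong; `fail_msg: "Crypto policy module '{{ rhel9cis_crypto_policy_module }}' is not in rhel9cis_allowed_crypto_policies_modules"` names both the offending value and the list it must come from. This exact-membership check is also the only thing standing between the user-supplied variable and the `update-crypto-policies --set "..."` shell line in cis_1.10.yml, so it should stay a list-membership test rather than ever being relaxed to a substring or regex match, and that role is worth a comment on the task, e.g. `# allow-list check: the value is interpolated into a shell command in cis_1.10.yml`. The base-policy assert above it begins outside this hunk but should keep the same shape for the same reason.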
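Review bot: `current_crypto_module` is taken with `split(':')[1]`, which keeps only the first sub-policy if `update-crypto-policies --show` prints a chained value with more than one colon, so the fact silently drops the rest; `split(':', 1)[1]` keeps everything after the base policy. The two new facts also skip the `rhel9cis_` prefix that the register was renamed to `rhel9cis_system_wide_crypto_policy` for in the same hunk, and the visible consumer in cis_1.10.yml compares the raw `.stdout` rather than these facts, so either name them `rhel9cis_current_crypto_policy` / `rhel9cis_current_crypto_module` or drop them if nothing else reads them (other consumers are not visible from here). `ansible.builtin.shell: 'update-crypto-policies --show'` uses no shell features, so `ansible.builtin.command` would do the same without invoking a shell.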
diff --git a/tasks/section_1/cis_1.1.x.yml b/tasks/section_1/cis_1.1.x.yml
index c4826c9..bf76b5c 100644
--- a/tasks/section_1/cis_1.1.x.yml
+++ b/tasks/section_1/cis_1.1.x.yml
@@ -16,7 +16,7 @@
 community.general.modprobe:
 name: usb-storage
 state: absent
- when: not system_is_container
+ when: not system_is_container
 - name: "1.1.9 | PATCH | Disable USB Storage | blacklist"
 ansible.builtin.lineinfile:
diff --git a/tasks/section_1/cis_1.10.yml b/tasks/section_1/cis_1.10.yml
index c43e445..ed6774d 100644
--- a/tasks/section_1/cis_1.10.yml
+++ b/tasks/section_1/cis_1.10.yml
@@ -1,16 +1,25 @@
 ---
 - name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy"
- ansible.builtin.shell: |
- update-crypto-policies --set "{{ rhel9cis_crypto_policy }}"
- update-crypto-policies
- notify: Change_requires_reboot
+ block:
+ - name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy | set_fact"
+ ansible.builtin.set_fact:
+ rhel9cis_full_crypto_policy: "{{ rhel9cis_crypto_policy }}{% if rhel9cis_crypto_policy_module | length > 0 %}:{{ rhel9cis_crypto_policy_module }}{% endif %}"
+
+ - name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy"
+ ansible.builtin.shell: |
+ update-crypto-policies --set "{{ rhel9cis_full_crypto_policy }}"
+ update-crypto-policies
+ notify: change_requires_reboot
+ when:
+ - rhel9cis_system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
 when:
 - rhel9cis_rule_1_10
- - system_wide_crypto_policy['stdout'] == 'LEGACY'
+
 tags:
 - level1-server
 - level1-workstation
+ - automated
 - no system_is_ec2
 - patch
 - rule_1.10
diff --git a/vars/main.yml b/vars/main.yml
index 2a93184..022c230 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -7,6 +7,11 @@ rhel9cis_allowed_crypto_policies:
 - 'FUTURE'
 - 'FIPS'
+rhel9cis_allowed_crypto_policies_modules:
+ - 'OSPP'
+ - 'AD-SUPPORT'
+ - 'AD-SUPPORT-LEGACY'
+
 # Used to control warning summary
 warn_control_list: ""
 warn_count: 0
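Review bot: Replacing the outer `system_wide_crypto_policy['stdout'] == 'LEGACY'` condition with the inner `stdout != rhel9cis_full_crypto_policy` turns a "remediate LEGACY" task into "enforce exactly rhel9cis_crypto_policy", so a host already running `FIPS` or `FUTURE` is reset to the default `DEFAULT` unless the operator overrides the variable — a downgrade of a stronger policy that nothing in the defaults comment warns about. Either document that behaviour next to the variable or keep a guard such as `- not (rhel9cis_system_wide_crypto_policy.stdout.split(':')[0] == 'FIPS' and rhel9cis_crypto_policy != 'FIPS')` so a FIPS host is never silently moved off it. The value reaching `update-crypto-policies --set "..."` is only safe to interpolate into a shell because tasks/main.yml asserts both halves against allow-lists, which deserves a comment on the shell task, e.g. `# both parts are allow-list checked in tasks/main.yml before reaching this shell`. If FIPS is an intended target, setting the crypto policy alone does not put the kernel into FIPS mode on RHEL 9 (`fips-mode-setup --enable` is the documented path), so a note there would avoid a false sense of compliance. The handler was also renamed to `change_requires_reboot`; the handler file is outside this diff, so confirm its definition changed case as well.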