diff --git a/tasks/section_5/cis_5.1.x.yml b/tasks/section_5/cis_5.1.x.yml
index 42ca036..34a462a 100644
--- a/tasks/section_5/cis_5.1.x.yml
+++ b/tasks/section_5/cis_5.1.x.yml
@@ -41,8 +41,8 @@
       ansible.builtin.file:
         path: "{{ item.path }}"
         owner: root
-        group: root
-        mode: 'u-x,go-rwx'
+        group: "{{ 'ssh_keys' if (item.group == 'ssh_keys') else 'root' }}"
+        mode: "{{ 'u-x,g-wx,o-rwx' if (item.group == 'ssh_keys') else 'u-x,go-rwx' }}"
       loop: "{{ discovered_ssh_private_host_key.files }}"
       loop_control:
         label: "{{ item.path }}"