Updates from Public

Signed-off-by: Frederick Witty <frederickw@mindpointgroup.com>

tasks/section_1/cis_1.6.x.yml

@@ -1,7 +1,9 @@
 ---
 
 - name: "1.6.1 | AUDIT | Ensure system-wide crypto policy is not legacy"
-  when: rhel9cis_rule_1_6_1
+  when:
+    - rhel9cis_rule_1_6_1
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -21,12 +23,14 @@
   tags:
     - level1-server
     - level1-workstation
+    - sshd
     - automated
     - patch
     - rule_1.6.2
     - NIST800-53R5_SC-8
     - NIST800-53R5_IA-5
-    - NIST800-53R5_AC-17- NIST800-53R5_SC-6
+    - NIST800-53R5_AC-17
+    - NIST800-53R5_SC-6
   ansible.builtin.lineinfile:
     path: /etc/sysconfig/sshd
     regexp: ^CRYPTO_POLICY\s*=
@@ -37,6 +41,7 @@
   when:
     - rhel9cis_rule_1_6_3
     - "'NO-SHA1' not in rhel9cis_crypto_policy_module"
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -67,6 +72,7 @@
   when:
     - rhel9cis_rule_1_6_4
     - "'NO-WEAKMAC' not in rhel9cis_crypto_policy_module"
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -76,7 +82,6 @@
     - rule_1.6.4
     - NIST800-53R5_SC-6
   block:
-
     - name: "1.6.4 | PATCH | Ensure system wide crypto policy disables macs less than 128 bits | Add submodule exclusion"
       ansible.builtin.template:
         src: etc/crypto-policies/policies/modules/NO-WEAKMAC.pmod.j2
@@ -98,6 +103,7 @@
   when:
     - rhel9cis_rule_1_6_5
     - "'NO-SSHCBC' not in rhel9cis_crypto_policy_module"
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation
@@ -128,6 +134,7 @@
   when:
     - rhel9cis_rule_1_6_6
     - "'NO-SSHWEAKCIPHERS' not in rhel9cis_crypto_policy_module"
+    - rhel9cis_crypto_policy_ansiblemanaged
   tags:
     - level1-server
     - level1-workstation