diff --git a/Changelog.md b/Changelog.md
index 34443c4..5fca72d 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -8,7 +8,7 @@ README latest versions Audit improvements and max-concurrent option added Benchmark version variable in audit template fixed typo thanks to @fragglexarmy #393
-fixed typo thanks to @trumbaut #397
+fixed typo thanks to @trumbaut #397 & #399
 ## 2.0.3 - Based on CIS v2.0.0
diff --git a/tasks/section_5/cis_5.1.x.yml b/tasks/section_5/cis_5.1.x.yml
index 42ca036..dc450ea 100644
--- a/tasks/section_5/cis_5.1.x.yml
+++ b/tasks/section_5/cis_5.1.x.yml
@@ -41,8 +41,8 @@
 ansible.builtin.file:
 path: "{{ item.path }}"
 owner: root
- group: root
- mode: 'u-x,go-rwx'
+ group: "{{ 'ssh_keys' if (item.gr_name == 'ssh_keys') else 'root' }}"
+ mode: "{{ 'u-x,g-wx,o-rwx' if (item.gr_name == 'ssh_keys') else 'u-x,go-rwx' }}"
 loop: "{{ discovered_ssh_private_host_key.files }}"
 loop_control:
 label: "{{ item.path }}"
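Review bot: The new `group:` and `mode:` expressions in tasks/section_5/cis_5.1.x.yml leave group read in place on a private host key whenever `item.gr_name` is `ssh_keys`, and nothing in the hunk says why, so a later reader could take it for a loosened permission. A comment above the two lines would cover it, for example `# host keys already in group ssh_keys may stay group-readable (0640 at most); all others become root:root, 0600 at most`. The same `item.gr_name == 'ssh_keys'` test is written twice as a literal; computing it once in a task-level `vars:` entry would keep the two keys from drifting apart. Because read access to these keys then depends on who belongs to `ssh_keys`, membership of that group is worth auditing alongside this control. The task's name, its conditions and the lookup that registers `discovered_ssh_private_host_key` are outside the hunk, so it cannot be confirmed from here that every item carries `gr_name`.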