diff --git a/defaults/main.yml b/defaults/main.yml index 6b916a5..635d8ea 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -637,7 +637,7 @@ rhel9cis_futurepwchgdate_autofix: true # 5.7 # rhel9cis_sugroup: sugroup # change accordingly wheel is default -# wheel users list +# wheel users list please supply comma seperated e.g. "vagrant,root" rhel9cis_sugroup_users: "root" ## Section6 vars diff --git a/tasks/section_5/cis_5.3.x.yml b/tasks/section_5/cis_5.3.x.yml index 25d05d2..823d142 100644 --- a/tasks/section_5/cis_5.3.x.yml +++ b/tasks/section_5/cis_5.3.x.yml @@ -120,8 +120,9 @@ - name: "5.3.7 | PATCH | Ensure access to the su command is restricted | wheel group contains root" ansible.builtin.user: - name: "{{ rhel9cis_sugroup_users }}" + name: "{{ item }}" groups: "{{ rhel9cis_sugroup | default('wheel') }}" + loop: "{{ rhel9cis_sugroup_users | split (',') }}" when: - rhel9cis_rule_5_3_7 tags:
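Review bot: The new `loop` in tasks/section_5/cis_5.3.x.yml splits on a bare comma, so a value written as "vagrant, root" yields the name " root", and an empty string yields one empty item. Because `ansible.builtin.user` defaults to `state: present`, a padded or mistyped entry would likely be created as a new account in the su group rather than rejected. Trimming and dropping empty items avoids that, e.g. `loop: "{{ rhel9cis_sugroup_users | split(',') | map('trim') | select | list }}"`. The unchanged `groups:` line carries no `append: true`, so now that the task runs for ordinary users as well as root, each listed user's other supplementary groups are replaced by this one; adding `append: true` under `groups:` keeps them. The task's `tags:` list continues outside the hunk.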