diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 6abad7b..adecfe0 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -42,13 +42,13 @@ repos:
         name: Detect Secrets test
 
   - repo: https://github.com/gitleaks/gitleaks
-    rev: v8.30.0
+    rev: v8.30.1
     hooks:
       - id: gitleaks
         name: Run Gitleaks test
 
   - repo: https://github.com/ansible-community/ansible-lint
-    rev: v26.1.1
+    rev: v26.3.0
     hooks:
       - id: ansible-lint
         name: Ansible-lint
diff --git a/defaults/main.yml b/defaults/main.yml
index 4245f53..7de968f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -959,6 +959,13 @@ rhel9cis_ssh_maxsessions: 4
 # This variable defines the path and file name of the sudo log file.
 rhel9cis_sudolog_location: "/var/log/sudo.log"
 
+## Control 5.2.4 - Ensure users must provide password for escalation
+# The following variable specifies a list of users that should not be required to provide a password
+# for escalation. Feel free to edit it according to your needs.
+rhel9cis_sudoers_exclude_nopasswd_list:
+  - ec2-user
+  - vagrant
+
 ## Control 5.2.x - Ensure sudo authentication timeout is configured correctly
 # This variable sets the duration (in minutes) during which a user's authentication credentials
 # are cached after successfully authenticating using "sudo". This allows the user to execute
@@ -1104,7 +1111,7 @@ rhel9cis_passwd_dictcheck_file: etc/security/pwquality.conf.d/50-pwdictcheck.con
 rhel9cis_passwd_dictcheck_value: 1
 
 # 5.3.3.2.7 - Ensure password quality is enforced for the root user
-rhel9cis_passwd_quality_enforce_file: etc/security/pwquality.conf.d/50-pwquality_enforce.conf # pragma: allowlist secret
+rhel9cis_passwd_quality_enforce_file: etc/security/pwquality.conf.d/50-pwroot.conf # pragma: allowlist secret
 rhel9cis_passwd_quality_enforce_value: 1
 rhel9cis_passwd_quality_enforce_root_value: enforce_for_root # pragma: allowlist secret
 
diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index 09e3620..91e576d 100644
--- a/tasks/prelim.yml
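Review bot: The new default for `rhel9cis_sudoers_exclude_nopasswd_list` ships pre-populated with `ec2-user` and `vagrant`, so control 5.2.4 is relaxed for those two accounts on every host unless the operator overrides the variable, which weakens a hardening role's out-of-the-box posture. A safer default is the empty list with the cloud/VM accounts left as commented examples: `rhel9cis_sudoers_exclude_nopasswd_list: []` followed by `#  - ec2-user` and `#  - vagrant`. The comment should also state what the list does at remediation time (whether matching NOPASSWD entries are skipped or rewritten) — the 5.2.4 task is not in this diff, so that behaviour is inferred, not visible. Because the entries are plain scalars, any future username that looks numeric or boolean-like would need quoting.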
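Review bot: Renaming the drop-in to `50-pwroot.conf` leaves `50-pwquality_enforce.conf` behind on hosts already remediated with the previous release; nothing in this diff removes the old file, so presumably both drop-ins (same `enforce_for_root` content) would coexist and the stale one keeps applying a setting the role no longer manages. Either add a removal of the old path in the 5.3.3.2.7 task (an `ansible.builtin.file` task with `state: absent`) or at least document it beside the variable: `# Renamed from 50-pwquality_enforce.conf; hosts remediated earlier keep the old file unless it is removed`. The `# pragma: allowlist secret` marker is carried over onto a path that is not a secret; if it exists to silence the detect-secrets hook configured in `.pre-commit-config.yaml`, a short comment saying so would stop the next reader from dropping it.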
+++ b/tasks/prelim.yml
@@ -259,6 +259,8 @@
 
 - name: "PRELIM | PATCH | sshd_config.d/50-redhat.conf exists"
   when: rhel9cis_rule_5_1_10 or rhel9cis_rule_5_1_11
+  tags:
+    - always
   ansible.builtin.stat:
     path: /etc/ssh/sshd_config.d/50-redhat.conf
   register: prelim_sshd_50_redhat_file
diff --git a/tasks/section_5/cis_5.3.3.2.x.yml b/tasks/section_5/cis_5.3.3.2.x.yml
index aa2e0f8..a53d857 100644
--- a/tasks/section_5/cis_5.3.3.2.x.yml
+++ b/tasks/section_5/cis_5.3.3.2.x.yml
@@ -340,7 +340,7 @@
         - system
   notify: Authselect update
 
-- name: "5.3.3.2.7 | PATCH | Ensure password quality checking is enforced"
+- name: "5.3.3.2.7 | PATCH | Ensure password quality is enforced for the root user"
   when: rhel9cis_rule_5_3_3_2_7
   tags:
     - level1-server
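Review bot: The reason for `tags: - always` on this stat task is not stated, so a later cleanup could remove it as a stray tag and silently break tag-filtered runs of rules 5.1.10/5.1.11 that read `prelim_sshd_50_redhat_file`. Add a comment above `tags:` such as `# always: the 5.1.10/5.1.11 tasks read prelim_sshd_50_redhat_file, so this stat must run under any tag selection`. Note the task is still gated by its `when:`, so with both rule variables false the registered variable holds only a skip result and no `stat` key; the consuming tasks are outside this hunk, so whether they guard for that cannot be confirmed here.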