diff --git a/README.md b/README.md
index f54c90f..9829e4c 100644
--- a/README.md
+++ b/README.md
@@ -82,3 +82,9 @@ Below is an example of the tag section from a control within this role. Using th
 - patch
 - rule_2.2.4
 ```
+
+### Known Issues
+
+CIS 1.2.4 - repo_gpgcheck is not carried out for RedHat hosts as the default repos do not have this function. Rocky and Alma not affected.
+Variable used to unset.
+rhel9cis_rhel_default_repo: true # to be set to false if using repo that does have this ability
diff --git a/defaults/main.yml b/defaults/main.yml
index 80183cb..9d72d7b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -365,6 +365,9 @@ rhel9cis_rh_sub_password: password
 # RedHat Satellite Subscription items
 rhel9cis_rhnsd_required: false
 
+# 1.2.4 repo_gpgcheck
+rhel9cis_rhel_default_repo: true
+
 # 1.4.2 Bootloader password
 rhel9cis_bootloader_password_hash: 'grub.pbkdf2.sha512.10000.9306A36764A7BEA3BF492D1784396B27F52A71812E9955A58709F94EE70697F9BD5366F36E07DEC41B52279A056E2862A93E42069D7BBB08F5DFC2679CD43812.6C32ADA5449303AD5E67A4C150558592A05381331DE6B33463469A236871FA8E70738C6F9066091D877EF88A213C86825E093117F30E9E1BF158D0DB75E7581B'
 rhel9cis_bootloader_password: random
diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index 9209849..3593a90 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -112,6 +112,7 @@
 state: latest
 when:
 - rhel9cis_rule_1_2_4
+ - ansible_distribution != 'RedHat'

 - name: "PRELIM | Section 4.1 | Configure System Accounting (auditd)"
 ansible.builtin.package:
diff --git a/tasks/section_1/cis_1.2.x.yml b/tasks/section_1/cis_1.2.x.yml
index 62fae23..67128a7 100644
--- a/tasks/section_1/cis_1.2.x.yml
+++ b/tasks/section_1/cis_1.2.x.yml
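Review bot: The new `rhel9cis_rhel_default_repo: true` in defaults/main.yml carries only the heading `# 1.2.4 repo_gpgcheck`, which does not tell a reader what the flag does or that its default leaves a CIS control unenforced. From the accompanying change to tasks/section_1/cis_1.2.x.yml the 1.2.4 patch task is skipped on RedHat hosts while this value is true, so the comment should state that: `# 1.2.4 repo_gpgcheck - RedHat default repos do not support repo_gpgcheck, so while true the 1.2.4 control is skipped on RedHat hosts. Set to false when the RedHat host uses repos that support repo_gpgcheck so the control is enforced.` Without it a reader of the defaults file has to find the README "Known Issues" entry to learn that the control is being skipped.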
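Review bot: The added condition `- ansible_distribution != 'RedHat'` in tasks/prelim.yml skips the prelim task on every RedHat host, whereas the 1.2.4 task in tasks/section_1/cis_1.2.x.yml is gated on `not rhel9cis_rhel_default_repo or ansible_distribution != 'RedHat'`. A RedHat host with `rhel9cis_rhel_default_repo: false` therefore runs the repo_gpgcheck patch but skips this prelim step; if the package this task installs is a prerequisite for 1.2.4 (the task's name and package live above the hunk, so I cannot confirm), the two guards should match: `- not rhel9cis_rhel_default_repo or ansible_distribution != 'RedHat'`. The enclosing task starts outside the hunk.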
@@ -101,16 +101,17 @@
 register: repo_files
 - name: "1.2.4 | PATCH | Ensure repo_gpgcheck is globally activated | amend repo files"
- ansible.builtin.lineinfile:
+ ansible.builtin.replace:
 path: "{{ item.path }}"
- regexp: '^repo_gpgcheck'
- line: repo_gpgcheck=1
+ regexp: '^repo_gpgcheck( |)=( |)0'
+ replace: repo_gpgcheck=1
 loop: "{{ repo_files.files }}"
 loop_control:
 label: "{{ item.path }}"
 when:
 - rhel9cis_rule_1_2_4
+ - not rhel9cis_rhel_default_repo or ansible_distribution != 'RedHat'
 tags:
 - level1-server
 - level1-workstation