diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_include_crypto_policy/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_include_crypto_policy/rule.yml index 605707f1e7fb..aa64ffa1f4b7 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_include_crypto_policy/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_include_crypto_policy/rule.yml @@ -6,7 +6,7 @@ description: |- SSHD should follow the system cryptographic policy. In order to accomplish this the SSHD configuration should include the configuration file provided by the system crypto policy. The following line should be present in /etc/ssh/sshd_config or in a file included by this file (a file within the /etc/ssh/sshd_config.d directory): -
Include /etc/crypto-policies/back-ends/opensshserver.config
+
Include {{{ openssh_server_crypto_policy_config_file }}}
rationale: |- @@ -28,8 +28,8 @@ checktext: |-
sudo grep -R "Include /etc/ssh/sshd_config"  /etc/ssh/sshd_config.d/
 
     /etc/ssh/sshd_config:Include /etc/ssh/sshd_config.d/*.conf
-    /etc/ssh/sshd_config.d/50-redhat.conf:Include /etc/crypto-policies/back-ends/opensshserver.config
- If "Include /etc/ssh/sshd_config.d/*.conf" or "Include /etc/crypto-policies/back-ends/opensshserver.config" are not included in the system sshd config or if the file "/etc/ssh/sshd_config.d/50-redhat.conf" is missing, this is a finding. + /etc/ssh/sshd_config.d/50-redhat.conf:Include {{{ openssh_server_crypto_policy_config_file }}} + If "Include /etc/ssh/sshd_config.d/*.conf" or "Include {{{ openssh_server_crypto_policy_config_file }}}" are not included in the system sshd config or if the file "/etc/ssh/sshd_config.d/50-redhat.conf" is missing, this is a finding. fixtext: |- Configure the {{{ full_name }}} SSH daemon to use systemwide crypto policies. diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/oval/shared.xml index 57adf654f1ca..58ab049c671e 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/oval/shared.xml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/oval/shared.xml @@ -1,5 +1,5 @@ {{% if product in ['ol8', 'rhel8'] %}} -{{% set path='/etc/crypto-policies/back-ends/opensshserver.config' %}} +{{% set path=openssh_server_crypto_policy_config_file %}} {{% set prefix_conf="^\s*CRYPTO_POLICY\s*=.*-oKexAlgorithms=" %}} {{% set kex_algos=["ecdh-sha2-nistp256","ecdh-sha2-nistp384", "ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256", diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml index 54265ea53bc9..9a4a01564615 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml 
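Review bot: The checktext still hard-codes the drop-in name `/etc/ssh/sshd_config.d/50-redhat.conf` in the sample output and in the finding sentence, directly beside the path that this hunk turns into the `openssh_server_crypto_policy_config_file` product property. If the property exists so that products other than RHEL can reuse this rule, the vendor drop-in that carries the Include line is likely to have a different name on those products, and the text would then direct an assessor to a file that does not exist. Either give the drop-in name a matching product property or word the finding as `or if no file under /etc/ssh/sshd_config.d/ carries the Include line, this is a finding.` so it does not depend on one vendor's file name. The checktext block continues past the end of this hunk.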
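Review bot: The new `{{% set path=openssh_server_crypto_policy_config_file %}}` sits inside `{{% if product in ['ol8', 'rhel8'] %}}`, so the property is only ever read for the two products already spelled out; for any other product this check renders nothing no matter what the property is set to. If the point of the property is to let further products pick up this check, the guard should key on a platform or on the property itself rather than on the product name, or a comment should state that the ol8/rhel8 restriction is intentional. The sibling rule.yml hunk on the next line has the same gate and the same set. The `if` block continues past the end of this hunk.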
@@ -1,5 +1,5 @@ {{% if product in ['ol8', 'rhel8'] %}} -{{% set path='/etc/crypto-policies/back-ends/opensshserver.config' %}} +{{% set path=openssh_server_crypto_policy_config_file %}} {{% set conf="CRYPTO_POLICY='-oKexAlgorithms=ecdh-sha2-nistp256,ecdh-sha2-nistp384" ~ ",ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256" ~ ",diffie-hellman-group14-sha256,diffie-hellman-group16-sha512" ~ diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml index c31e056c6e3c..3c654bc0d0c7 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml @@ -4,10 +4,11 @@ # complexity = low # disruption = low {{{ ansible_instantiate_variables("sshd_approved_ciphers") }}} +{{%- set openssh_client_policy_file = openssh_client_crypto_policy_config_file -%}} {{{ ansible_set_config_file( msg='Configure SSH Daemon to Use FIPS 140-2 Validated Ciphers: openssh.config', - file='/etc/crypto-policies/back-ends/openssh.config', + file=openssh_client_policy_file, parameter='Ciphers', value="{{ sshd_approved_ciphers }}", create='yes', diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh index 7f5863452d2b..768954d3161b 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh 
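Review bot: The added `{{%- set openssh_client_policy_file = openssh_client_crypto_policy_config_file -%}}` uses whitespace control on both sides, which trims the newline that separated the `ansible_instantiate_variables` output from the `ansible_set_config_file` output; whether the rendered tasks still land on their own lines then depends on those macros emitting trailing newlines, which this hunk cannot show. The rule.yml hunks in this commit use plain `{{% set ... %}}` and the oval hunks pass the property straight through, so the safer and more uniform form here is `file=openssh_client_crypto_policy_config_file,` with no local alias at all. The same alias-with-trimming pattern is repeated in the bash and ansible hunks of the other harden_sshd_* rules in this commit.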
@@ -1,9 +1,10 @@ # platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora {{{ bash_instantiate_variables("sshd_approved_ciphers") }}} +{{%- set openssh_client_policy_file = openssh_client_crypto_policy_config_file -%}} {{{ set_config_file( - path="/etc/crypto-policies/back-ends/openssh.config", + path=openssh_client_policy_file, parameter="Ciphers", value="${sshd_approved_ciphers}", create=true, diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/oval/shared.xml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/oval/shared.xml index ac74c021e292..603ce24415a3 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/oval/shared.xml @@ -1,4 +1,4 @@ -{{%- set PATH = "/etc/crypto-policies/back-ends/openssh.config" -%}} +{{%- set PATH = openssh_client_crypto_policy_config_file -%}} {{{ oval_metadata("Limit the Ciphers to those which are FIPS-approved.", rule_title=rule_title) }}} diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml index dc167e5af486..c5f308067184 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml @@ -9,7 +9,7 @@ description: |- set up incorrectly. To check that Crypto Policies settings for ciphers are configured correctly, ensure that - /etc/crypto-policies/back-ends/openssh.config contains the following + {{{ openssh_client_crypto_policy_config_file }}} contains the following line and is not commented out:
Ciphers {{{ xccdf_value("sshd_approved_ciphers") }}}
@@ -35,7 +35,7 @@ ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly' ocil: |- To verify if the OpenSSH client uses defined Cipher suite in the Crypto Policy, run: -
$ grep -i ciphers /etc/crypto-policies/back-ends/openssh.config
+
$ grep -i ciphers {{{ openssh_client_crypto_policy_config_file }}}
and verify that the line matches:
Ciphers {{{ xccdf_value("sshd_approved_ciphers") }}}
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml index e13f3c36e772..6d475bb9588d 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml @@ -4,10 +4,11 @@ # complexity = low # disruption = low {{{ ansible_instantiate_variables("sshd_approved_ciphers") }}} +{{%- set openssh_server_policy_file = openssh_server_crypto_policy_config_file -%}} - name: "{{{ rule_title }}}: Set relevant paths and correct value" ansible.builtin.set_fact: - opensshserver_path: /etc/crypto-policies/back-ends/opensshserver.config + opensshserver_path: "{{{ openssh_server_policy_file }}}" local_path: /etc/crypto-policies/local.d/opensshserver-ssg.config correct_value: "-oCiphers={{ sshd_approved_ciphers }}" diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh index 43fed0ef36de..e5afb9c11c12 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh 
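Review bot: `local_path: /etc/crypto-policies/local.d/opensshserver-ssg.config` stays hard-coded while `opensshserver_path` on the line above now comes from `openssh_server_crypto_policy_config_file`. The local.d drop-in directory and the back-ends output file belong to the same crypto-policies installation, so a product that relocates one presumably relocates the other; if that is the motivation for the new property, this path needs the same treatment, otherwise the remediation writes a drop-in that update-crypto-policies may never read. The same fixed `LOCAL_CONF_DIR=/etc/crypto-policies/local.d` is in the bash hunks for this rule and for the MACs opensshserver rule, and the MACs ansible hunk has the same `local_path`. If local.d is deliberately left fixed, a one-line comment above the set_fact saying so would settle the question for the next reader.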
@@ -1,8 +1,9 @@ # platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora {{{ bash_instantiate_variables("sshd_approved_ciphers") }}} +{{%- set openssh_server_policy_file = openssh_server_crypto_policy_config_file -%}} -CONF_FILE=/etc/crypto-policies/back-ends/opensshserver.config +CONF_FILE="{{{ openssh_server_policy_file }}}" LOCAL_CONF_DIR=/etc/crypto-policies/local.d LOCAL_CONF_FILE=${LOCAL_CONF_DIR}/opensshserver-ssg.config correct_value="-oCiphers=${sshd_approved_ciphers}" diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/oval/shared.xml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/oval/shared.xml index 7f0823a567f2..e71fb7ddea0d 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/oval/shared.xml @@ -1,4 +1,4 @@ -{{%- set PATH = "/etc/crypto-policies/back-ends/opensshserver.config" -%}} +{{%- set PATH = openssh_server_crypto_policy_config_file -%}} {{{ oval_metadata("Limit the Ciphers to those which are FIPS-approved.", rule_title=rule_title) }}} diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml index 83bb45dc915a..e44749552311 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml 
@@ -1,4 +1,5 @@ documentation_complete: true +{{% set openssh_server_policy_file = openssh_server_crypto_policy_config_file %}} title: 'Configure SSH Server to Use FIPS 140-2 Validated Ciphers: opensshserver.config' @@ -9,7 +10,7 @@ description: |- set up incorrectly. To check that Crypto Policies settings for ciphers are configured correctly, ensure that - /etc/crypto-policies/back-ends/opensshserver.config contains the following + {{{ openssh_server_policy_file }}} contains the following text and is not commented out:
-oCiphers={{{ xccdf_value("sshd_approved_ciphers") }}}
@@ -36,7 +37,7 @@ ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly' ocil: |- To verify if the OpenSSH server uses defined ciphers in the Crypto Policy, run: -
$ grep -Po '(-oCiphers=\S+)' /etc/crypto-policies/back-ends/opensshserver.config
+
$ grep -Po '(-oCiphers=\S+)' {{{ openssh_server_policy_file }}}
and verify that the line matches:
-oCiphers={{{ xccdf_value("sshd_approved_ciphers") }}}
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/oval/shared.xml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/oval/shared.xml index 2db2d450afed..6ac15cdb5cc9 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/oval/shared.xml @@ -1 +1 @@ -{{{ oval_check_config_file(path="/etc/crypto-policies/back-ends/opensshserver.config", prefix_regex="^(?:.*\\n)*\s*", parameter="CRYPTO_POLICY", value="'-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'", separator_regex="=", application="sshd", rule_id=rule_id, rule_title=rule_title) }}} +{{{ oval_check_config_file(path=openssh_server_crypto_policy_config_file, prefix_regex="^(?:.*\\n)*\s*", parameter="CRYPTO_POLICY", value="'-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'", separator_regex="=", application="sshd", rule_id=rule_id, rule_title=rule_title) }}} diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml index 99315ff87e42..7cba7acc6188 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml 
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml @@ -1,4 +1,5 @@ documentation_complete: true +{{% set openssh_server_policy_file = openssh_server_crypto_policy_config_file %}} title: 'Harden SSHD Crypto Policy' @@ -7,7 +8,7 @@ description: |- Crypto Policies are means of enforcing certain cryptographic settings for selected applications including OpenSSH server. The SSHD service is by default configured to modify its configuration based on currently configured Crypto-Policy. However, in certain cases it might be needed to override the Crypto Policy specific to OpenSSH Server and leave rest of the Crypto Policy intact. This can be done by dropping a file named opensshserver-xxx.config, replacing xxx with arbitrary identifier, into /etc/crypto-policies/local.d. This has to be followed by running update-crypto-policies so that changes are applied. - Changes are propagated into /etc/crypto-policies/back-ends/opensshserver.config. This rule checks if this file contains predefined CRYPTO_POLICY environment variable configured with predefined value. + Changes are propagated into {{{ openssh_server_policy_file }}}. This rule checks if this file contains predefined CRYPTO_POLICY environment variable configured with predefined value. rationale: |- The Common Criteria requirements specify that certain parameters for OpenSSH Server are configured e.g. supported ciphers, accepted host key algorithms, public key types, key exchange algorithms, HMACs and GSSAPI key exchange is disabled. Currently particular requirements specified by CC are stricter compared to any existing Crypto Policy. @@ -28,7 +29,7 @@ ocil_clause: 'Crypto Policy for OpenSSH Server is not configured according to CC ocil: |- To verify if the OpenSSH server uses defined Crypto Policy, run: -
$ grep 'CRYPTO_POLICY' /etc/crypto-policies/back-ends/opensshserver.config | tail -n 1
+
$ grep 'CRYPTO_POLICY' {{{ openssh_server_policy_file }}} | tail -n 1
and verify that the line matches
CRYPTO_POLICY='-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh index d0541b7ab6ce..b95dad27e1e9 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh @@ -1,5 +1,6 @@ #!/bin/bash # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# packages = crypto-policies-scripts configfile=/etc/crypto-policies/back-ends/opensshserver.config diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh index 44434606deba..dee5b0842374 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh @@ -1,5 +1,6 @@ #!/bin/bash # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# packages = crypto-policies-scripts configfile=/etc/crypto-policies/back-ends/opensshserver.config diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh index a92227669a88..9b15274eb853 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh 
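Review bot: Every scenario for harden_sshd_crypto_policy keeps `configfile=/etc/crypto-policies/back-ends/opensshserver.config` hard-coded while the OVAL for the rule now reads the path from `openssh_server_crypto_policy_config_file`. On a product that overrides the property the scenarios would prepare one file and the check would read another, so the pass/fail outcome would no longer mean what the scenario name says. If these scripts go through the same templating as the remediations (they already carry the `# platform =` and new `# packages =` headers the harness parses), `configfile="{{{ openssh_server_crypto_policy_config_file }}}"` keeps them aligned with the check. This applies to all eight scenario hunks here, not only correct.pass.sh.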
@@ -1,5 +1,6 @@ #!/bin/bash # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# packages = crypto-policies-scripts configfile=/etc/crypto-policies/back-ends/opensshserver.config diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh index b1e285f9bb5a..b1161346eda2 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh @@ -1,5 +1,6 @@ #!/bin/bash # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# packages = crypto-policies-scripts configfile=/etc/crypto-policies/back-ends/opensshserver.config diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh index 754195e43d45..1e6c053b0e7b 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh @@ -1,5 +1,6 @@ #!/bin/bash # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# packages = crypto-policies-scripts configfile=/etc/crypto-policies/back-ends/opensshserver.config diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh index 8bf264dcd5f2..c2b06ed61fbf 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh 
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh @@ -1,5 +1,6 @@ #!/bin/bash # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# packages = crypto-policies-scripts configfile=/etc/crypto-policies/back-ends/opensshserver.config diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh index a76346699149..4537d60b1a61 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh @@ -1,5 +1,6 @@ #!/bin/bash # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# packages = crypto-policies-scripts configfile=/etc/crypto-policies/back-ends/opensshserver.config diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh index 1928d2cfe916..84155e65aa8d 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh @@ -1,5 +1,6 @@ #!/bin/bash # platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# packages = crypto-policies-scripts configfile=/etc/crypto-policies/back-ends/opensshserver.config diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml index 9fce65f7e870..9cb8d3e80039 100644 
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml @@ -4,12 +4,14 @@ # complexity = low # disruption = low {{{ ansible_instantiate_variables("sshd_approved_macs") }}} +{{%- set openssh_client_policy_file = openssh_client_crypto_policy_config_file -%}} -{{{ ansible_set_config_file( +{{{ ansible_only_lineinfile( msg='Configure SSH Daemon to Use FIPS 140-2 Validated MACs: openssh.config', - file='/etc/crypto-policies/back-ends/openssh.config', - parameter='MACs', - value="{{ sshd_approved_macs }}", + path=openssh_client_policy_file, + line_regex='^.*MACs\\s+', + new_line='MACs {{ sshd_approved_macs }}', create='yes', - prefix_regex='^.*', rule_title=rule_title) + block=True, + rule_title=rule_title) }}} diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh index 174ee6719a23..a77d89cdee5c 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh @@ -1,9 +1,10 @@ # platform = Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_fedora {{{ bash_instantiate_variables("sshd_approved_macs") }}} +{{%- set openssh_client_policy_file = openssh_client_crypto_policy_config_file -%}} {{{ set_config_file( - path="/etc/crypto-policies/back-ends/openssh.config", + path=openssh_client_policy_file, parameter="MACs", value="${sshd_approved_macs}", create=true, 
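Review bot: The new `line_regex='^.*MACs\\s+'` passed to `ansible_only_lineinfile` is unanchored and case-sensitive: it matches commented-out lines, which with the remove-then-insert behaviour the macro name suggests is presumably the intent, but it also matches any line that merely contains the token, and it does not match other casings even though the ocil check for this rule uses `grep -i macs`. The bash remediation for the same rule in this commit still goes through `set_config_file`, so the two remediations now treat pre-existing commented or duplicate MACs lines differently. A comment above the call stating why the Ansible side diverges, or aligning bash with the same behaviour, would keep them in step; if only commented and real directive lines are meant, `line_regex='^\\s*#?\\s*MACs\\s+'` is tighter than `^.*`.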
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/oval/shared.xml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/oval/shared.xml index 5b7a360a3dfe..04e029e5614f 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/oval/shared.xml @@ -1,4 +1,4 @@ -{{%- set PATH = "/etc/crypto-policies/back-ends/openssh.config" -%}} +{{%- set PATH = openssh_client_crypto_policy_config_file -%}} {{{ oval_metadata("Limit the Message Authentication Codes (MACs) to those which are FIPS-approved.", rule_title=rule_title) }}} diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml index 3a7b33427d01..db6337fce4d8 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml @@ -1,4 +1,5 @@ documentation_complete: true +{{% set openssh_client_policy_file = openssh_client_crypto_policy_config_file %}} title: 'Configure SSH Client to Use FIPS 140-2 Validated MACs: openssh.config' @@ -9,7 +10,7 @@ description: |- set up incorrectly. To check that Crypto Policies settings are configured correctly, ensure that - /etc/crypto-policies/back-ends/openssh.config contains the following + {{{ openssh_client_policy_file }}} contains the following line and is not commented out: MACs {{{ xccdf_value("sshd_approved_macs") }}} @@ -33,7 +34,7 @@ ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly' ocil: |- To verify if the OpenSSH client uses defined MACs in the Crypto Policy, run: -
$ grep -i macs /etc/crypto-policies/back-ends/openssh.config
+
$ grep -i macs {{{ openssh_client_policy_file }}}
and verify that the line matches:
MACs {{{ xccdf_value("sshd_approved_macs") }}}
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh index a819b2dd0708..4c8f67261b5e 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh @@ -1,5 +1,6 @@ #!/bin/bash # platform = Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_fedora +# remediation = bash # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh index b0fea133a9a9..e096776e7017 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh @@ -1,5 +1,6 @@ #!/bin/bash # platform = Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_fedora +# remediation = bash # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com 
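Review bot: Adding `# remediation = bash` to stig_correct_commented.fail.sh and stig_incorrect_followed_by_correct_commented.fail.sh stops the commented-out-line scenarios from running against the Ansible remediation, which is exactly the remediation this commit rewrote to use `line_regex='^.*MACs\\s+'` on the same file. If the rewrite is meant to handle commented lines, the restriction hides a regression in it; if the Ansible side is known not to clear them yet, that is a gap that deserves a header comment such as `# remediation = bash` followed by `# ansible variant does not yet clear commented MACs lines` rather than a silent exclusion. Either way the reason for narrowing the scenarios is not visible from the diff.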
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml index 21ab040b517e..1bc2f71ff295 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml @@ -4,10 +4,11 @@ # complexity = low # disruption = low {{{ ansible_instantiate_variables("sshd_approved_macs") }}} +{{%- set openssh_server_policy_file = openssh_server_crypto_policy_config_file -%}} - name: "{{{ rule_title }}}: Set relevant paths and correct value" ansible.builtin.set_fact: - opensshserver_path: /etc/crypto-policies/back-ends/opensshserver.config + opensshserver_path: "{{{ openssh_server_policy_file }}}" local_path: /etc/crypto-policies/local.d/opensshserver-ssg.config correct_value: "-oMACs={{ sshd_approved_macs }}" diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh index 0c124e624712..6e14c65e90bf 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh 
@@ -1,8 +1,9 @@ # platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora {{{ bash_instantiate_variables("sshd_approved_macs") }}} +{{%- set openssh_server_policy_file = openssh_server_crypto_policy_config_file -%}} -CONF_FILE=/etc/crypto-policies/back-ends/opensshserver.config +CONF_FILE="{{{ openssh_server_policy_file }}}" LOCAL_CONF_DIR=/etc/crypto-policies/local.d LOCAL_CONF_FILE=${LOCAL_CONF_DIR}/opensshserver-ssg.config correct_value="-oMACs=${sshd_approved_macs}" diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/oval/shared.xml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/oval/shared.xml index 5f734202f3d5..e1e2b21d5831 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/oval/shared.xml @@ -1,4 +1,4 @@ -{{%- set PATH = "/etc/crypto-policies/back-ends/opensshserver.config" -%}} +{{%- set PATH = openssh_server_crypto_policy_config_file -%}} {{{ oval_metadata("Limit the Message Authentication Codes (MACs) to those which are FIPS-approved.", rule_title=rule_title) }}} diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml index 81d127526082..bad242a613aa 100644 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml 
@@ -1,4 +1,5 @@
 documentation_complete: true
+{{% set openssh_server_policy_file = openssh_server_crypto_policy_config_file %}}
 title: 'Configure SSH Server to Use FIPS 140-2 Validated MACs: opensshserver.config'
@@ -9,7 +10,7 @@ description: |-
 set up incorrectly. To check that Crypto Policies settings are configured correctly, ensure that
-    /etc/crypto-policies/back-ends/opensshserver.config contains the following
+    {{{ openssh_server_policy_file }}} contains the following
     text and is not commented out: -oMACS={{{ xccdf_value("sshd_approved_macs") }}}
@@ -34,7 +35,7 @@ ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
 ocil: |-
     To verify if the OpenSSH server uses defined MACs in the Crypto Policy, run:
-
$ grep -Po '(-oMACs=\S+)' /etc/crypto-policies/back-ends/opensshserver.config
+
$ grep -Po '(-oMACs=\S+)' {{{ openssh_server_policy_file }}}
and verify that the line matches:
-oMACS={{{ xccdf_value("sshd_approved_macs") }}}
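Review bot: The new check line `$ grep -Po '(-oMACs=\S+)' {{{ openssh_server_policy_file }}}` spells the option `-oMACs=` while the text the reader is told to expect on the following line (and in the description hunk above) is `-oMACS=`; `grep -P` is case-sensitive, so a file written exactly as the description instructs would not be matched by this command. The hunk only changes the path, so the mismatch is pre-existing, but settling on one spelling (or adding `-i` to the grep) while the line is touched would avoid a false "not configured" reading. The `title:` still names `opensshserver.config` literally although the description and OCIL text are now templated from `openssh_server_policy_file`; either template the title as well or leave a short Jinja comment next to the `set` stating that the title intentionally keeps the default file name.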
diff --git a/ssg/constants.py b/ssg/constants.py
index 624e2571cade..fa70c4bb4a55 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -465,6 +465,8 @@
 DEFAULT_SSHD_SYSCONFIG_FILE = '/etc/sysconfig/sshd'
 DEFAULT_SSH_CLIENT_MAIN_CONFIG_FILE = '/etc/ssh/ssh_config'
 DEFAULT_SSH_CLIENT_CONFIG_DIR = '/etc/ssh/ssh_config.d'
+DEFAULT_OPENSSH_CLIENT_CRYPTO_POLICY_CONFIG_FILE = '/etc/crypto-policies/back-ends/openssh.config'
+DEFAULT_OPENSSH_SERVER_CRYPTO_POLICY_CONFIG_FILE = '/etc/crypto-policies/back-ends/opensshserver.config'
 DEFAULT_PRODUCT = 'example'
 DEFAULT_CHRONY_CONF_PATH = '/etc/chrony.conf'
 DEFAULT_CHRONY_D_PATH = '/etc/chrony.d/'
diff --git a/ssg/products.py b/ssg/products.py
index 77b110b2d298..daa5639f99a7 100644
--- a/ssg/products.py
+++ b/ssg/products.py
@@ -23,6 +23,8 @@
     DEFAULT_SSHD_SYSCONFIG_FILE,
     DEFAULT_SSH_CLIENT_MAIN_CONFIG_FILE,
     DEFAULT_SSH_CLIENT_CONFIG_DIR,
+    DEFAULT_OPENSSH_CLIENT_CRYPTO_POLICY_CONFIG_FILE,
+    DEFAULT_OPENSSH_SERVER_CRYPTO_POLICY_CONFIG_FILE,
     DEFAULT_CHRONY_CONF_PATH,
     DEFAULT_CHRONY_D_PATH,
     DEFAULT_AUDISP_CONF_PATH,
@@ -138,6 +140,12 @@ def _get_implied_properties(existing_properties):
     if "ssh_client_config_dir" not in existing_properties:
         result["ssh_client_config_dir"] = DEFAULT_SSH_CLIENT_CONFIG_DIR
+    if "openssh_client_crypto_policy_config_file" not in existing_properties:
+        result["openssh_client_crypto_policy_config_file"] = DEFAULT_OPENSSH_CLIENT_CRYPTO_POLICY_CONFIG_FILE
+
+    if "openssh_server_crypto_policy_config_file" not in existing_properties:
+        result["openssh_server_crypto_policy_config_file"] = DEFAULT_OPENSSH_SERVER_CRYPTO_POLICY_CONFIG_FILE
+
     if "product" not in existing_properties:
         result["product"] = DEFAULT_PRODUCT
diff --git a/tests/data/product_stability/alinux2.yml b/tests/data/product_stability/alinux2.yml
index 6c410a2d2cf1..7e8ff9573625 100644
--- a/tests/data/product_stability/alinux2.yml
+++ b/tests/data/product_stability/alinux2.yml
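Review bot: The two new `result["openssh_..._crypto_policy_config_file"] = DEFAULT_OPENSSH_..._CRYPTO_POLICY_CONFIG_FILE` assignments in `_get_implied_properties` run to well over 100 columns, far longer than the neighbouring lines in the hunk; wrapping the right-hand side in parentheses over two lines would match the surrounding style (the project's configured line limit is not visible here). `_get_implied_properties` starts outside the hunk. The fallback now gives every product, including ones that do not ship `/etc/crypto-policies`, a back-end path that does not exist on that product; this mirrors the existing ssh defaults so it is presumably intended, but a comment on the two constants in `ssg/constants.py` such as `# crypto-policies back-ends; only meaningful on products that ship crypto-policies` would document it.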
@@ -41,6 +41,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/alinux3.yml b/tests/data/product_stability/alinux3.yml
index 91b9a49f8eb5..84662e02ad2c 100644
--- a/tests/data/product_stability/alinux3.yml
+++ b/tests/data/product_stability/alinux3.yml
@@ -41,6 +41,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/anolis23.yml b/tests/data/product_stability/anolis23.yml
index c48f1b9c6658..5ffd4a514a93 100644
--- a/tests/data/product_stability/anolis23.yml
+++ b/tests/data/product_stability/anolis23.yml
@@ -40,6 +40,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/anolis8.yml b/tests/data/product_stability/anolis8.yml
index 61579dcd96c8..bdc8463ee173 100644
--- a/tests/data/product_stability/anolis8.yml
+++ b/tests/data/product_stability/anolis8.yml
@@ -40,6 +40,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/debian11.yml b/tests/data/product_stability/debian11.yml
index f598ac3aa581..5d9fb6a67c31 100644
--- a/tests/data/product_stability/debian11.yml
+++ b/tests/data/product_stability/debian11.yml
@@ -45,6 +45,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
 pkg_system: dpkg
diff --git a/tests/data/product_stability/debian12.yml b/tests/data/product_stability/debian12.yml
index 8c72066213f9..b81742d05900 100644
--- a/tests/data/product_stability/debian12.yml
+++ b/tests/data/product_stability/debian12.yml
@@ -45,6 +45,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 oval_feed_url: https://www.debian.org/security/oval/oval-definitions-bookworm.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
diff --git a/tests/data/product_stability/debian13.yml b/tests/data/product_stability/debian13.yml
index 031dd9856d7a..e96a439170f9 100644
--- a/tests/data/product_stability/debian13.yml
+++ b/tests/data/product_stability/debian13.yml
@@ -46,6 +46,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 oval_feed_url: https://www.debian.org/security/oval/oval-definitions-trixie.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
diff --git a/tests/data/product_stability/eks.yml b/tests/data/product_stability/eks.yml
index 94ec7ba4b230..8ab1c5bca2bb 100644
--- a/tests/data/product_stability/eks.yml
+++ b/tests/data/product_stability/eks.yml
@@ -49,6 +49,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_system: rpm
 platform_package_overrides:
diff --git a/tests/data/product_stability/example.yml b/tests/data/product_stability/example.yml
index ed647b05316f..dfaee58e7f8f 100644
--- a/tests/data/product_stability/example.yml
+++ b/tests/data/product_stability/example.yml
@@ -42,6 +42,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/fedora.yml b/tests/data/product_stability/fedora.yml
index 7f236804bcfb..457731893c3a 100644
--- a/tests/data/product_stability/fedora.yml
+++ b/tests/data/product_stability/fedora.yml
@@ -77,6 +77,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/firefox.yml b/tests/data/product_stability/firefox.yml
index 16129e9dca76..a263887f6a1b 100644
--- a/tests/data/product_stability/firefox.yml
+++ b/tests/data/product_stability/firefox.yml
@@ -40,6 +40,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 platform_package_overrides:
   aarch64_arch: null
diff --git a/tests/data/product_stability/ocp4.yml b/tests/data/product_stability/ocp4.yml
index 5957eda9ce3d..ef26a4389444 100644
--- a/tests/data/product_stability/ocp4.yml
+++ b/tests/data/product_stability/ocp4.yml
@@ -149,6 +149,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_system: rpm
 platform_package_overrides:
diff --git a/tests/data/product_stability/ol7.yml b/tests/data/product_stability/ol7.yml
index 404b2d59f495..fabd5c1aa261 100644
--- a/tests/data/product_stability/ol7.yml
+++ b/tests/data/product_stability/ol7.yml
@@ -46,6 +46,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 oval_feed_url: https://linux.oracle.com/security/oval/com.oracle.elsa-ol7.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
diff --git a/tests/data/product_stability/ol8.yml b/tests/data/product_stability/ol8.yml
index 6c3880c5d617..23fe4ae7fc7c 100644
--- a/tests/data/product_stability/ol8.yml
+++ b/tests/data/product_stability/ol8.yml
@@ -36,6 +36,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 oval_feed_url: https://linux.oracle.com/security/oval/com.oracle.elsa-ol8.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
diff --git a/tests/data/product_stability/ol9.yml b/tests/data/product_stability/ol9.yml
index a765d43ad3f2..a3644ad4513b 100644
--- a/tests/data/product_stability/ol9.yml
+++ b/tests/data/product_stability/ol9.yml
@@ -39,6 +39,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 oval_feed_url: https://linux.oracle.com/security/oval/com.oracle.elsa-ol9.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
diff --git a/tests/data/product_stability/openembedded.yml b/tests/data/product_stability/openembedded.yml
index 158a3b57f02d..0c0338d31767 100644
--- a/tests/data/product_stability/openembedded.yml
+++ b/tests/data/product_stability/openembedded.yml
@@ -53,6 +53,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/opensuse.yml b/tests/data/product_stability/opensuse.yml
index 188726c01e92..03d2aff65198 100644
--- a/tests/data/product_stability/opensuse.yml
+++ b/tests/data/product_stability/opensuse.yml
@@ -49,6 +49,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: zypper
 pkg_manager_config_file: /etc/zypp/zypper.conf
diff --git a/tests/data/product_stability/rhcos4.yml b/tests/data/product_stability/rhcos4.yml
index d20e239d57d0..c40a9cfbc0ea 100644
--- a/tests/data/product_stability/rhcos4.yml
+++ b/tests/data/product_stability/rhcos4.yml
@@ -43,6 +43,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/rhel10.yml b/tests/data/product_stability/rhel10.yml
index fb89fbb3c2ce..3b2715bada04 100644
--- a/tests/data/product_stability/rhel10.yml
+++ b/tests/data/product_stability/rhel10.yml
@@ -49,6 +49,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/rhel8.yml b/tests/data/product_stability/rhel8.yml
index e2377a08651c..ea226d52708f 100644
--- a/tests/data/product_stability/rhel8.yml
+++ b/tests/data/product_stability/rhel8.yml
@@ -99,6 +99,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/rhel9.yml b/tests/data/product_stability/rhel9.yml
index 93c04da18761..bfa767ce097b 100644
--- a/tests/data/product_stability/rhel9.yml
+++ b/tests/data/product_stability/rhel9.yml
@@ -55,6 +55,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: dnf
 pkg_manager_config_file: /etc/dnf/dnf.conf
diff --git a/tests/data/product_stability/rhv4.yml b/tests/data/product_stability/rhv4.yml
index d5c4bb7f1d28..bc9379207160 100644
--- a/tests/data/product_stability/rhv4.yml
+++ b/tests/data/product_stability/rhv4.yml
@@ -48,6 +48,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: yum
 pkg_manager_config_file: /etc/yum.conf
diff --git a/tests/data/product_stability/sle12.yml b/tests/data/product_stability/sle12.yml
index 6f37d82c4335..6b883492f70d 100644
--- a/tests/data/product_stability/sle12.yml
+++ b/tests/data/product_stability/sle12.yml
@@ -48,6 +48,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 oval_feed_url: https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.12-patch.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: zypper
diff --git a/tests/data/product_stability/sle15.yml b/tests/data/product_stability/sle15.yml
index b8bc702adbe9..55ba2e6fba10 100644
--- a/tests/data/product_stability/sle15.yml
+++ b/tests/data/product_stability/sle15.yml
@@ -49,6 +49,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 oval_feed_url: https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.15-patch.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: zypper
diff --git a/tests/data/product_stability/ubuntu2204.yml b/tests/data/product_stability/ubuntu2204.yml
index 5a5e96f69018..2b15841ab369 100644
--- a/tests/data/product_stability/ubuntu2204.yml
+++ b/tests/data/product_stability/ubuntu2204.yml
@@ -49,6 +49,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 oval_feed_url: https://security-metadata.canonical.com/oval/com.ubuntu.jammy.usn.oval.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get
diff --git a/tests/data/product_stability/ubuntu2404.yml b/tests/data/product_stability/ubuntu2404.yml
index 6dfd8c9862e0..1050c92005c2 100644
--- a/tests/data/product_stability/ubuntu2404.yml
+++ b/tests/data/product_stability/ubuntu2404.yml
@@ -50,6 +50,8 @@ nobody_gid: 65534
 nobody_uid: 65534
 ssh_client_config_dir: /etc/ssh/ssh_config.d
 ssh_client_main_config_file: /etc/ssh/ssh_config
+openssh_client_crypto_policy_config_file: /etc/crypto-policies/back-ends/openssh.config
+openssh_server_crypto_policy_config_file: /etc/crypto-policies/back-ends/opensshserver.config
 oval_feed_url: https://security-metadata.canonical.com/oval/com.ubuntu.noble.usn.oval.xml.bz2
 pam_faillock_conf_path: /etc/security/faillock.conf
 pkg_manager: apt_get