diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
index c3a892312d71..91bb30a4057f 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: wrlinux8,wrlinux1019,rhel6,rhel7,rhel8,ol7,rhv4
+prodtype: wrlinux8,wrlinux1019,rhel6,rhel7,ol7,rhv4
 title: 'Use Only FIPS 140-2 Validated Ciphers'
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
index a5ad34d76088..390e71cc7966 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: wrlinux1019,rhel6,rhel7,rhel8,ol7,rhv4
+prodtype: wrlinux1019,rhel6,rhel7,ol7,rhv4
 title: 'Use Only FIPS 140-2 Validated MACs'
diff --git a/rhel8/profiles/ospp.profile b/rhel8/profiles/ospp.profile
index 2f6928e8bef4..2a81b70ff59f 100644
--- a/rhel8/profiles/ospp.profile
+++ b/rhel8/profiles/ospp.profile
@@ -25,7 +25,6 @@ selections:
 #################################################################
 ## Bootloader Configuration
 #################################################################
- #TO DO: bootloader --location=mbr --append="boot=/dev/vda1 fips=1 "
 ## Set the UEFI Boot Loader Password
 - grub2_uefi_password
@@ -145,11 +144,6 @@ selections:
 ## /tmp
 ###########
- ## Setup a couple mountpoints by hand to ensure correctness
- #touch /etc/fstab
- ## Ensure /tmp Located On Separate Partition
- #echo -e "tmpfs\t/tmp\t\t\t\ttmpfs\tdefaults,mode=1777,,,nodev,strictatime,size=512M\t0 0" >> /etc/fstab
-
 ## Add nodev Option to /tmp
 - mount_option_tmp_nodev
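Review bot: Dropping `rhel8` from `prodtype` in sshd_use_approved_ciphers/rule.yml leaves no record in the rule of why rhel8 is excluded, and the same applies to the sshd_use_approved_macs/rule.yml hunk. Since the profile change in this commit moves rhel8 onto `configure_crypto_policy`, a comment above the key would keep that rationale with the rule, e.g. `# rhel8 is excluded on purpose: sshd ciphers there are governed by the system-wide crypto policy (configure_crypto_policy)`. Any other rhel8 profile that still selects either rule would presumably no longer resolve it after this change; worth confirming nothing else under rhel8/profiles references them.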
@@ -159,19 +153,9 @@ selections:
 ## Add nosuid Option to /tmp
 - mount_option_tmp_nosuid
- ###########
- ## /swap
- ###########
- ## TO DO: https://github.com/ComplianceAsCode/content/issues/4490
- ## do we need a swap partition (for security reasons)?
- #logvol swap --name=lv_swap --vgname=VolGroup --size=2016
-
 ###########
 ## /dev/shm
 ###########
- ## Make sure /dev/shm is restricted
- #echo -e "tmpfs\t/dev/shm\t\t\t\ttmpfs\tdefaults,mode=1777,,,strictatime\t0 0" >> /etc/fstab
-
 ## Add nodev Option to /dev/shm
 - mount_option_dev_shm_nodev
@@ -291,15 +275,6 @@ selections:
 ## Uninstall Automatic Bug Reporting Tool (abrt)
 - package_abrt_removed
- #################################################################
- ##
- ## Set PATH correctly
- ##
- #################################################################
-
- ## TO DO
- #PATH=/bin:/usr/bin:/sbin:/usr/sbin:$PATH
-
 #################################################################
 ##
 ## Configure Audit Daemon
@@ -742,9 +717,6 @@ selections:
 ## Configure the tmux Lock Command
 - configure_tmux_lock_command
- ## TO DO: https://github.com/ComplianceAsCode/content/issues/4499
- #set -g status off
-
 ## TO DO: https://github.com/ComplianceAsCode/content/issues/4496
 #cat << EOF > /tmp/rules.conf
 #allow with-interface equals { 09:00:* }
@@ -871,9 +843,6 @@ selections:
 ## Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces
 - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
- ## TO DO: NEED SCAP RULE
- #echo "net.ipv6.icmp.echo_ignore_all = 0" >> $CONFIG
-
 ## Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces
 - sysctl_net_ipv4_ip_forward
@@ -1034,16 +1003,9 @@ selections:
 ## Enable SSH Warning Banner
 - sshd_enable_warning_banner
- ## Use Only FIPS 140-2 Validated Ciphers
- - sshd_use_approved_ciphers
-
 ## TO DO: https://github.com/ComplianceAsCode/content/issues/4469
 #echo -e "PubkeyAcceptedKeyTypes ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384" >> $CONFIG
- ## Use Only FIPS 140-2 Validated MACs
- ## SEE ALSO: https://github.com/ComplianceAsCode/content/issues/4470
- - sshd_use_approved_macs
-
 ## TO DO: https://github.com/ComplianceAsCode/content/issues/4471
 #echo -e "KexAlgorithms diffie-hellman-group14-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521" >> $CONFIG
@@ -1091,6 +1053,10 @@ selections:
 ## Enable FIPS Mode
 - enable_fips_mode
+ ## Set up Crypto policy
+ - var_system_crypto_policy=fips
+ - configure_crypto_policy
+
 ## TO DO: https://github.com/ComplianceAsCode/content/issues/4500
 # - sysctl_crypto_fips_enabled
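Review bot: The new `## Set up Crypto policy` stanza in the `@@ -1091,6 +1053,10 @@` hunk is what now stands in for the `sshd_use_approved_ciphers` and `sshd_use_approved_macs` selections removed in the previous hunk of this file, but nothing in the profile says so, and a reader auditing the SSH section will find the explicit cipher/MAC requirements gone with no pointer to where they are enforced. Suggest expanding the comment to `## Set up Crypto policy (FIPS); on rhel8 this also governs sshd Ciphers/MACs, formerly selected via sshd_use_approved_ciphers and sshd_use_approved_macs`. Whether the policy takes precedence over `Ciphers`/`MACs` directives written directly into sshd_config depends on how sshd consumes the policy on this product; none of the remaining rules in this section appear to check for such overrides, so that is worth confirming or tracking alongside the other TO DO issues. `var_system_crypto_policy=fips` is selected right next to `enable_fips_mode`; if one implies the other, a one-line comment on why both are needed would save the next reader the question.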