diff --git a/SOURCES/scap-security-guide-0.1.51-fix_rsyslog_rules_PR_5763.patch b/SOURCES/scap-security-guide-0.1.51-fix_rsyslog_rules_PR_5763.patch
new file mode 100644
index 0000000..34531f1
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.51-fix_rsyslog_rules_PR_5763.patch
@@ -0,0 +1,171 @@
+From 179cf6b43b8f10b4907267d976cb503066710e6f Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Thu, 14 May 2020 01:20:53 +0200
+Subject: [PATCH 1/4] Do not take paths from include or IncludeConfig
+
+All paths in /etc/rsyslog.conf were taken as log files, but paths
+in lines containing "include" or "$IncludeConfig" are config files.
+
+Let's not take them in as log files
+---
+ .../rsyslog_files_permissions/oval/shared.xml          | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml
+index a78cd69df2..c74f3da3f5 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml
+@@ -87,8 +87,18 @@
+     -->
+     <ind:pattern operation="pattern match">^[^\s#\$]+[\s]+.*[\s]+-?(/+[^:;\s]+);*.*$</ind:pattern>
+     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
++    <filter action="exclude">state_ignore_include_paths</filter>
+   </ind:textfilecontent54_object>
+ 
++  <ind:textfilecontent54_state id="state_ignore_include_paths" comment="ignore" version="1">
++    <!-- Among the paths matched in object_rfp_log_files_paths there can be paths from
++         include() or $IncludeConfig statements.
++         These paths are conf files, not log files. Their permissions don't need to be as
++         required for log files, thus, lets exclude them from the list of objects found
++    -->
++    <ind:text operation="pattern match">(?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+)</ind:text>
++  </ind:textfilecontent54_state>
++
+   <!-- Define OVAL variable to hold all the various system log files locations
+        retrieved from the different rsyslog configuration files
+   -->
+
+From 4a408d29313d8ea5aed4fa65cacad86f8078159c Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Thu, 14 May 2020 00:16:37 +0200
+Subject: [PATCH 2/4] Fix permissions of files referenced by include()
+
+The remediation script also needs to parse the files included via
+"include()".
+The awk also takes into consideration the multiline aspect.
+---
+ .../rsyslog_files_permissions/bash/shared.sh                  | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
+index 6cbf0c6a24..dca35301e7 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
+@@ -6,12 +6,14 @@ RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf"
+ # * And also the log file paths listed after rsyslog's $IncludeConfig directive
+ #   (store the result into array for the case there's shell glob used as value of IncludeConfig)
+ readarray -t RSYSLOG_INCLUDE_CONFIG < <(grep -e "\$IncludeConfig[[:space:]]\+[^[:space:];]\+" /etc/rsyslog.conf | cut -d ' ' -f 2)
++readarray -t RSYSLOG_INCLUDE < <(awk '/)/{f=0} /include\(/{f=1} f{nf=gensub(".*file=\"(\\S+)\".*","\\1",1); if($0!=nf){print nf}}' /etc/rsyslog.conf)
++
+ # Declare an array to hold the final list of different log file paths
+ declare -a LOG_FILE_PATHS
+ 
+ # Browse each file selected above as containing paths of log files
+ # ('/etc/rsyslog.conf' and '/etc/rsyslog.d/*.conf' in the default configuration)
+-for LOG_FILE in "${RSYSLOG_ETC_CONFIG}" "${RSYSLOG_INCLUDE_CONFIG[@]}"
++for LOG_FILE in "${RSYSLOG_ETC_CONFIG}" "${RSYSLOG_INCLUDE_CONFIG[@]}" "${RSYSLOG_INCLUDE[@]}"
+ do
+ 	# From each of these files extract just particular log file path(s), thus:
+ 	# * Ignore lines starting with space (' '), comment ('#"), or variable syntax ('$') characters,
+
+From 812e9b487e3c11a18e5e3a965ac23ec1a0d64e91 Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Fri, 15 May 2020 15:53:58 +0200
+Subject: [PATCH 3/4] Make regex for include file more strict
+
+For some reason gensub in awk doesn't support non capturing group.
+So the group with OR is capturing and we substitute everyting with the
+second group, witch matches the file path.
+---
+ .../rsyslog_files_permissions/bash/shared.sh                    | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
+index dca35301e7..99d2d0e794 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
+@@ -6,7 +6,7 @@ RSYSLOG_ETC_CONFIG="/etc/rsyslog.conf"
+ # * And also the log file paths listed after rsyslog's $IncludeConfig directive
+ #   (store the result into array for the case there's shell glob used as value of IncludeConfig)
+ readarray -t RSYSLOG_INCLUDE_CONFIG < <(grep -e "\$IncludeConfig[[:space:]]\+[^[:space:];]\+" /etc/rsyslog.conf | cut -d ' ' -f 2)
+-readarray -t RSYSLOG_INCLUDE < <(awk '/)/{f=0} /include\(/{f=1} f{nf=gensub(".*file=\"(\\S+)\".*","\\1",1); if($0!=nf){print nf}}' /etc/rsyslog.conf)
++readarray -t RSYSLOG_INCLUDE < <(awk '/)/{f=0} /include\(/{f=1} f{nf=gensub("^(include\\(|\\s*)file=\"(\\S+)\".*","\\2",1); if($0!=nf){print nf}}' /etc/rsyslog.conf)
+ 
+ # Declare an array to hold the final list of different log file paths
+ declare -a LOG_FILE_PATHS
+
+From c49f8aaf717313a41bbdfca188dd491a13d1133e Mon Sep 17 00:00:00 2001
+From: Watson Sato <wsato@redhat.com>
+Date: Fri, 15 May 2020 16:55:02 +0200
+Subject: [PATCH 4/4] Extend OVAL fix to groupownership and ownership
+
+These three files basically work the same way
+---
+ .../rsyslog_files_groupownership/oval/shared.xml       | 10 ++++++++++
+ .../rsyslog_files_ownership/oval/shared.xml            | 10 ++++++++++
+ .../rsyslog_files_permissions/oval/shared.xml          |  4 ++--
+ 3 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml
+index 5828f25321..9941e2b94f 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/oval/shared.xml
+@@ -86,8 +86,18 @@
+     -->
+     <ind:pattern operation="pattern match">^[^(\s|#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*.*$</ind:pattern>
+     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
++    <filter action="exclude">state_groupownership_ignore_include_paths</filter>
+   </ind:textfilecontent54_object>
+ 
++  <ind:textfilecontent54_state id="state_groupownership_ignore_include_paths" comment="ignore" version="1">
++    <!-- Among the paths matched in object_rfp_log_files_paths there can be paths from
++         include() or $IncludeConfig statements.
++         These paths are conf files, not log files. Their groupownership don't need to be as
++         required for log files, thus, lets exclude them from the list of objects found
++    -->
++    <ind:text operation="pattern match">(?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+)</ind:text>
++  </ind:textfilecontent54_state>
++
+   <!-- Define OVAL variable to hold all the various system log files locations
+        retrieved from the different rsyslog configuration files
+   -->
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/oval/shared.xml
+index 3c46eab6d6..29dd1a989e 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/oval/shared.xml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/oval/shared.xml
+@@ -83,8 +83,18 @@
+     -->
+     <ind:pattern operation="pattern match">^[^(\s|#|\$)]+[\s]+.*[\s]+-?(/+[^:;\s]+);*.*$</ind:pattern>
+     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
++    <filter action="exclude">state_owner_ignore_include_paths</filter>
+   </ind:textfilecontent54_object>
+ 
++  <ind:textfilecontent54_state id="state_owner_ignore_include_paths" comment="ignore" version="1">
++    <!-- Among the paths matched in object_rfp_log_files_paths there can be paths from
++         include() or $IncludeConfig statements.
++         These paths are conf files, not log files. Their owner don't need to be as
++         required for log files, thus, lets exclude them from the list of objects found
++    -->
++    <ind:text operation="pattern match">(?:file="[^\s;]+"|\$IncludeConfig[\s]+[^\s;]+)</ind:text>
++  </ind:textfilecontent54_state>
++
+   <!-- Define OVAL variable to hold all the various system log files locations
+        retrieved from the different rsyslog configuration files
+   -->
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml
+index c74f3da3f5..da37a15b8c 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/oval/shared.xml
+@@ -87,10 +87,10 @@
+     -->
+     <ind:pattern operation="pattern match">^[^\s#\$]+[\s]+.*[\s]+-?(/+[^:;\s]+);*.*$</ind:pattern>
+     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+-    <filter action="exclude">state_ignore_include_paths</filter>
++    <filter action="exclude">state_permissions_ignore_include_paths</filter>
+   </ind:textfilecontent54_object>
+ 
+-  <ind:textfilecontent54_state id="state_ignore_include_paths" comment="ignore" version="1">
++  <ind:textfilecontent54_state id="state_permissions_ignore_include_paths" comment="ignore" version="1">
+     <!-- Among the paths matched in object_rfp_log_files_paths there can be paths from
+          include() or $IncludeConfig statements.
+          These paths are conf files, not log files. Their permissions don't need to be as
diff --git a/SOURCES/scap-security-guide-0.1.51-openssl_crypto_PR_5885.patch b/SOURCES/scap-security-guide-0.1.51-openssl_crypto_PR_5885.patch
new file mode 100644
index 0000000..218e89b
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.51-openssl_crypto_PR_5885.patch
@@ -0,0 +1,163 @@
+From bf4da502abb91d3db88e76f7239880909f400604 Mon Sep 17 00:00:00 2001
+From: Vojtech Polasek <vpolasek@redhat.com>
+Date: Thu, 25 Jun 2020 09:53:38 +0200
+Subject: [PATCH 1/3] fixed description, oval, ansible, bash
+
+---
+ .../configure_openssl_crypto_policy/ansible/shared.yml |  4 ++--
+ .../configure_openssl_crypto_policy/bash/shared.sh     |  4 ++--
+ .../configure_openssl_crypto_policy/oval/shared.xml    |  2 +-
+ .../crypto/configure_openssl_crypto_policy/rule.yml    | 10 +++++-----
+ 4 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
+index e6318f221c..98fe134aca 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
+@@ -15,7 +15,7 @@
+   lineinfile:
+     create: yes
+     insertafter: '^\s*\[\s*crypto_policy\s*]\s*'
+-    line: ".include /etc/crypto-policies/back-ends/openssl.config"
++    line: ".include /etc/crypto-policies/back-ends/opensslcnf.config"
+     path: /etc/pki/tls/openssl.cnf
+   when:
+     - test_crypto_policy_group.stdout is defined
+@@ -24,7 +24,7 @@
+ - name: "Add crypto_policy group and set include openssl.config"
+   lineinfile:
+     create: yes
+-    line: "[crypto_policy]\n.include /etc/crypto-policies/back-ends/openssl.config"
++    line: "[crypto_policy]\n.include /etc/crypto-policies/back-ends/opensslcnf.config"
+     path: /etc/pki/tls/openssl.cnf
+   when:
+     - test_crypto_policy_group.stdout is defined
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
+index 0b3cbf3b46..a0b30cce96 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
+@@ -2,8 +2,8 @@
+ 
+ OPENSSL_CRYPTO_POLICY_SECTION='[ crypto_policy ]'
+ OPENSSL_CRYPTO_POLICY_SECTION_REGEX='\[\s*crypto_policy\s*\]'
+-OPENSSL_CRYPTO_POLICY_INCLUSION='.include /etc/crypto-policies/back-ends/openssl.config'
+-OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*/etc/crypto-policies/back-ends/openssl.config$'
++OPENSSL_CRYPTO_POLICY_INCLUSION='.include /etc/crypto-policies/back-ends/opensslcnf.config'
++OPENSSL_CRYPTO_POLICY_INCLUSION_REGEX='^\s*\.include\s*/etc/crypto-policies/back-ends/opensslcnf.config$'
+ 
+ function remediate_openssl_crypto_policy() {
+ 	CONFIG_FILE="/etc/pki/tls/openssl.cnf"
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/oval/shared.xml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/oval/shared.xml
+index a9b3f7b6e9..2019769736 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/oval/shared.xml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/oval/shared.xml
+@@ -20,7 +20,7 @@
+   <ind:textfilecontent54_object id="object_configure_openssl_crypto_policy"
+   version="1">
+     <ind:filepath>/etc/pki/tls/openssl.cnf</ind:filepath>
+-    <ind:pattern operation="pattern match">^\s*\[\s*crypto_policy\s*\]\s*\n*\s*\.include\s*/etc/crypto-policies/back-ends/openssl.config\s*$</ind:pattern>
++    <ind:pattern operation="pattern match">^\s*\[\s*crypto_policy\s*\]\s*\n*\s*\.include\s*/etc/crypto-policies/back-ends/opensslcnf.config\s*$</ind:pattern>
+     <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+   </ind:textfilecontent54_object>
+ </def-group>
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+index 8c015bb3b2..1a66570a8c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+@@ -11,7 +11,7 @@ description: |-
+     To check that Crypto Policies settings are configured correctly, you have to examine the OpenSSL config file
+     available under <tt>/etc/pki/tls/openssl.cnf</tt>.
+     This file has the <tt>ini</tt> format, and it enables crypto policy support
+-    if there is a <tt>[ crypto_policy ]</tt> section that contains the <tt>.include /etc/crypto-policies/back-ends/openssl.config</tt> directive.
++    if there is a <tt>[ crypto_policy ]</tt> section that contains the <tt>.include /etc/crypto-policies/back-ends/opensslcnf.config</tt> directive.
+ 
+ rationale: |-
+     Overriding the system crypto policy makes the behavior of the Java runtime violates expectations,
+@@ -29,11 +29,11 @@ references:
+ 
+ ocil_clause: |-
+     the OpenSSL config file doesn't contain the whole section,
+-    or that the section doesn't have the <pre>.include /etc/crypto-policies/back-ends/openssl.config</pre> directive
++    or that the section doesn't have the <pre>.include /etc/crypto-policies/back-ends/opensslcnf.config</pre> directive
+ 
+ ocil: |-
+-    To verify that OpenSSL uses the system crypro policy, check out that the OpenSSL config file
++    To verify that OpenSSL uses the system crypto policy, check out that the OpenSSL config file
+     <pre>/etc/pki/tls/openssl.cnf</pre> contains the <pre>[ crypto_policy ]</pre> section with the
+-    <pre>.include /etc/crypto-policies/back-ends/openssl.config</pre> directive:
+-    <pre>grep '\.include\s* /etc/crypto-policies/back-ends/openssl.config$' /etc/pki/tls/openssl.cnf</pre>.
++    <pre>.include /etc/crypto-policies/back-ends/opensslcnf.config</pre> directive:
++    <pre>grep '\.include\s* /etc/crypto-policies/back-ends/opensslcnf.config$' /etc/pki/tls/openssl.cnf</pre>.
+ 
+
+From 5e4f19a3301fbdc74b199b418a435924089d6c30 Mon Sep 17 00:00:00 2001
+From: Vojtech Polasek <vpolasek@redhat.com>
+Date: Thu, 25 Jun 2020 09:54:09 +0200
+Subject: [PATCH 2/3] updated tests
+
+---
+ .../configure_openssl_crypto_policy/tests/ok.pass.sh   |  2 +-
+ .../tests/wrong.fail.sh                                | 10 ++++++++++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+ create mode 100644 linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
+index 5b8334735e..c56916883e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
+@@ -6,5 +6,5 @@
+ 
+ create_config_file_with "[ crypto_policy ]
+ 
+-.include /etc/crypto-policies/back-ends/openssl.config
++.include /etc/crypto-policies/back-ends/opensslcnf.config
+ "
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+new file mode 100644
+index 0000000000..5b8334735e
+--- /dev/null
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+@@ -0,0 +1,10 @@
++#!/bin/bash
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
++
++. common.sh
++
++create_config_file_with "[ crypto_policy ]
++
++.include /etc/crypto-policies/back-ends/openssl.config
++"
+
+From 73804523130ce02162b780b8811e79e6adcb51a6 Mon Sep 17 00:00:00 2001
+From: Gabriel Becker <ggasparb@redhat.com>
+Date: Thu, 25 Jun 2020 17:32:00 +0200
+Subject: [PATCH 3/3] Update task name to reflect correct opensslcnf.config
+ file.
+
+---
+ .../crypto/configure_openssl_crypto_policy/ansible/shared.yml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
+index 98fe134aca..986543c10f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
+@@ -11,7 +11,7 @@
+   changed_when: False
+   check_mode: no
+ 
+-- name: "Add .include for openssl.config to crypto_policy section"
++- name: "Add .include for opensslcnf.config to crypto_policy section"
+   lineinfile:
+     create: yes
+     insertafter: '^\s*\[\s*crypto_policy\s*]\s*'
+@@ -21,7 +21,7 @@
+     - test_crypto_policy_group.stdout is defined
+     - test_crypto_policy_group.stdout | length > 0
+ 
+-- name: "Add crypto_policy group and set include openssl.config"
++- name: "Add crypto_policy group and set include opensslcnf.config"
+   lineinfile:
+     create: yes
+     line: "[crypto_policy]\n.include /etc/crypto-policies/back-ends/opensslcnf.config"
diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec
index adabcf5..e8caa82 100644
--- a/SPECS/scap-security-guide.spec
+++ b/SPECS/scap-security-guide.spec
@@ -1,6 +1,6 @@
 Name:		scap-security-guide
 Version:	0.1.50
-Release:	5%{?dist}
+Release:	7%{?dist}
 Summary:	Security guidance and baselines in SCAP formats
 Group:		Applications/System
 License:	BSD
@@ -20,6 +20,8 @@ Patch8:		scap-security-guide-0.1.51-fix_ansible_template_mount_options_PR_5765.p
 Patch9:		scap-security-guide-0.1.51-fix_rpm_verify_permissions_conflict_PR_5770.patch
 Patch10:		scap-security-guide-0.1.51-add_ansible_system_shutdown_PR_5761.patch
 Patch11:		scap-security-guide-0.1.51-create_macro_selinux_remediation_PR_5785.patch
+Patch12:		scap-security-guide-0.1.51-fix_rsyslog_rules_PR_5763.patch
+Patch13:		scap-security-guide-0.1.51-openssl_crypto_PR_5885.patch
 BuildArch:	noarch
 
 # To get python3 inside the buildroot require its path explicitly in BuildRequires
@@ -65,6 +67,8 @@ present in %{name} package.
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
+%patch13 -p1
 mkdir build
 
 %build
@@ -99,6 +103,12 @@ cd build
 %doc %{_docdir}/%{name}/tables/*.html
 
 %changelog
+* Mon Jun 29 2020 Matěj Týč <matyc@redhat.com> - 0.1.50-7
+- Fix the OpenSSL Crypto Policy rule (RHBZ#1850543)
+
+* Mon Jun 22 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.50-6
+- Fix rsyslog permissions/ownership rules (RHBZ#1781606)
+
 * Thu May 28 2020 Gabriel Becker <ggasparb@redhat.com> - 0.1.50-5
 - Fix SELinux remediation to detect properly current configuration. (RHBZ#1750526)