diff --git a/SOURCES/scap-security-guide-0.1.58-fix_cis_value_selector-PR_7452.patch b/SOURCES/scap-security-guide-0.1.58-fix_cis_value_selector-PR_7452.patch
new file mode 100644
index 0000000..9878022
--- /dev/null
+++ b/SOURCES/scap-security-guide-0.1.58-fix_cis_value_selector-PR_7452.patch
@@ -0,0 +1,39 @@
+From bd790153e02c1d1725f59f5d88c65c77eb1421e9 Mon Sep 17 00:00:00 2001
+From: Gabriel Becker
+Date: Tue, 24 Aug 2021 12:48:46 +0200
+Subject: [PATCH] Add a new selector for var_system_crypto_policy and use it
+ RHEL8 CIS.
+
+This new selector is used to select explicit DEFAULT value in RHEL8 CIS
+L1 profiles. The "default" selector cannot be selected and it causes
+errors if used.
+---
+ controls/cis_rhel8.yml | 2 +-
+ .../software/integrity/crypto/var_system_crypto_policy.var | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
+index 29d972427cf..c0d3f5f40de 100644
+--- a/controls/cis_rhel8.yml
++++ b/controls/cis_rhel8.yml
+@@ -553,7 +553,7 @@ controls:
+ automated: yes
+ rules:
+ - configure_crypto_policy
+- - var_system_crypto_policy=default
++ - var_system_crypto_policy=default_policy
+
+ # This rule works in conjunction with the configure_crypto_policy above.
+ # If a system is remediated to CIS Level 1, just the rule above will apply
+diff --git a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
+index ce301154a39..8b89848d122 100644
+--- a/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
++++ b/linux_os/guide/system/software/integrity/crypto/var_system_crypto_policy.var
+@@ -13,6 +13,7 @@ interactive: false
+
+ options:
+ default: DEFAULT
++ default_policy: DEFAULT
+ default_nosha1: "DEFAULT:NO-SHA1"
+ fips: FIPS
+ fips_ospp: "FIPS:OSPP"
diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec
index 44b4bb3..ca97eef 100644
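Review bot: In the embedded `var_system_crypto_policy.var` hunk, `default_policy: DEFAULT` duplicates the value of the `default` key directly above it with nothing in the file saying why, so a later cleanup could drop it as redundant and bring back the selector error in the RHEL8 CIS L1 profiles. A one-line comment above the new option would keep the reason next to the data, for example `# "default" cannot be referenced as a selector; use default_policy to select DEFAULT explicitly`. The patch only corrects `controls/cis_rhel8.yml`; whether other control files or profiles still pass `var_system_crypto_policy=default` is not visible here and is worth checking, since they would presumably fail the same way. Both embedded hunks show only part of their YAML blocks.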
--- a/SPECS/scap-security-guide.spec +++ b/SPECS/scap-security-guide.spec @@ -5,7 +5,7 @@ Name: scap-security-guide Version: 0.1.57 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause Group: Applications/System @@ -72,6 +72,7 @@ Patch51: scap-security-guide-0.1.58-fix_audit_file_permissions-PR_7440.patch Patch52: scap-security-guide-0.1.58-mark_rule_as_machine_only-PR_7442.patch Patch53: scap-security-guide-0.1.58-fix_rhel7_doc_link-PR_7443.patch Patch54: scap-security-guide-0.1.58-disable_ctrlaltdel_reboot_fix_test_scenario-PR_7444.patch +Patch55: scap-security-guide-0.1.58-fix_cis_value_selector-PR_7452.patch BuildRequires: libxslt BuildRequires: expat @@ -175,6 +176,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %endif %changelog +* Tue Aug 24 2021 Gabriel Becker - 0.1.57-4 +- Fix a value selector in RHEL8 CIS L1 profiles (RHBZ#1993197) + * Mon Aug 23 2021 Gabriel Becker - 0.1.57-3 - Fix remaining audit rules file permissions (RHBZ#1993056) - Mark a STIG service rule as machine only (RHBZ#1993056)