diff --git a/defaults/main.yml b/defaults/main.yml
index 73cf243e..da0cb0e1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -492,7 +492,14 @@ rhel8cis_selinux_policy: targeted
 
 # 1.6 Set crypto policy (LEGACY, DEFAULT, FUTURE, FIPS)
 rhel8cis_crypto_policy: 'DEFAULT'
-# Added module to be loaded - (Allowed options in vars/main.yml - OSPP and AD-SUPPORT)
+
+# 1.6.1 Allowed crypto-policy modules
+rhel8cis_allowed_crypto_policies_modules:
+    - 'AD-SUPPORT'
+    - 'NO-SHA1'
+    - 'OSPP'
+
+# Added module to be loaded
 rhel8cis_crypto_policy_module: ''
 
 # 1.7
diff --git a/vars/main.yml b/vars/main.yml
index e0d92405..9a92b432 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -7,10 +7,6 @@ rhel8cis_allowed_crypto_policies:
     - 'FUTURE'
     - 'FIPS'
 
-rhel8cis_allowed_crypto_policies_modules:
-    - 'OSPP'
-    - 'AD-SUPPORT'
-
 # default setting, this should not be changed
 # and is overridden if a task that changed sets the value if required.
 reboot_required: false