diff --git a/rules/os/os_sshd_fips_compliant.yaml b/rules/os/os_sshd_fips_compliant.yaml
index 1cc8b724..65bd4f16 100644
--- a/rules/os/os_sshd_fips_compliant.yaml
+++ b/rules/os/os_sshd_fips_compliant.yaml
@@ -9,27 +9,39 @@ discussion: |
 NOTE: For more information on FIPS compliance with the version of SSHD included in the macOS, the manual page apple_ssh_and_fips has additional information.
 check: |
- fips_sshd_config="Ciphers aes128-gcm@openssh.com
- HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com
- HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com
- KexAlgorithms ecdh-sha2-nistp256
- MACs hmac-sha2-256
- PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com
- CASignatureAlgorithms ecdsa-sha2-nistp256"
- /usr/bin/grep -c "$fips_sshd_config" /etc/ssh/sshd_config.d/fips_sshd_config
+ fips_sshd_config=("Ciphers aes128-gcm@openssh.com" "HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com" "HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com" "KexAlgorithms ecdh-sha2-nistp256" "MACs hmac-sha2-256" "PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com" "CASignatureAlgorithms ecdsa-sha2-nistp256")
+ total=0
+ for config in $fips_sshd_config; do
+ total=$(expr $(/usr/sbin/sshd -T | grep -i -c "$config") + $total)
+ done
+
+ echo $total
 result:
 integer: 7
 fix: |
 [source,bash]
 ----
- fips_sshd_config="Ciphers aes128-gcm@openssh.com
- HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com
- HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com
- KexAlgorithms ecdh-sha2-nistp256
- MACs hmac-sha2-256
- PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com
- CASignatureAlgorithms ecdsa-sha2-nistp256"
- /bin/echo "${fips_sshd_config}" > /etc/ssh/sshd_config.d/fips_sshd_config
+ include_dir=$(awk '/^Include/ {print $2}' /etc/ssh/sshd_config | tr -d '*')
+
+ if [[ -z $include_dir ]]; then
+ sed -i.bk "1s/.*/Include \/etc\/ssh\/sshd_config.d\/\*/" /etc/ssh/sshd_config
+ fi
+
+ fips_sshd_config=("Ciphers aes128-gcm@openssh.com" "HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com" "HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com" "KexAlgorithms ecdh-sha2-nistp256" "MACs hmac-sha2-256" "PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com" "CASignatureAlgorithms ecdsa-sha2-nistp256")
+
+ for config in $fips_sshd_config; do
+ echo "$config" >> "${include_dir}01-mscp-sshd.conf"
+ done
+
+ for file in $(ls ${include_dir}); do
+ if [[ "$file" == "100-macos.conf" ]]; then
+ continue
+ fi
+ if [[ "$file" == "01-mscp-sshd.conf" ]]; then
+ break
+ fi
+ mv ${include_dir}${file} ${include_dir}20-${file}
+ done
 ----
 references:
 cce:
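Review bot: Both new `for config in $fips_sshd_config; do` loops (one in `check`, one in `fix`) expand only element 0 of the array and then word-split it, so the loop body sees just `Ciphers` and `aes128-gcm@openssh.com`: the check can count at most 2 matching `sshd -T` lines against the expected `integer: 7`, and the fix writes those two bare words as separate lines into 01-mscp-sshd.conf, which sshd rejects as a `Ciphers` directive with no argument; both loops should read `for config in "${fips_sshd_config[@]}"; do`. Separately, when sshd_config has no `Include` line the `sed` adds one but `include_dir` stays empty, so the following `echo >>`, `ls` and `mv` act on the current working directory instead of the include directory — assign `include_dir=/etc/ssh/sshd_config.d/` inside that `if` branch. That `1s/.*/…/` also overwrites whatever line 1 of sshd_config already held rather than inserting before it, and `awk` yields a multi-line value when more than one `Include` is present, both worth a guard. The `grep -i -c "$config"` substring match would also accept a longer algorithm list that merely contains the FIPS entry, so a whole-line match (`grep -i -x -c`) would make the check stricter.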