diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
index 4a53cba9e4b..c2b99684d7d 100644
--- a/controls/cis_ubuntu2404.yml
+++ b/controls/cis_ubuntu2404.yml
@@ -1985,8 +1985,10 @@ controls:
 levels:
 - l1_server
 - l1_workstation
- status: planned
- notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+ rules:
+ - var_password_pam_enforcing=1
+ - accounts_password_pam_enforcing
+ status: automated
 - id: 5.3.3.2.8
 title: Ensure password quality is enforced for the root user (Automated)
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml
index ef9eba31a61..df8dcbb8d9f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/rule.yml
@@ -42,6 +42,13 @@ ocil: |-
 platform: package[pam]
+{{% if product == "ubuntu2404" %}}
+template:
+ name: accounts_password
+ vars:
+ variable: enforcing
+ operation: equals
+{{% else %}}
 template:
 name: "lineinfile"
 vars:
@@ -49,3 +56,5 @@ template:
 path: "/etc/security/pwquality.conf"
 oval_extend_definitions:
 - accounts_password_pam_pwquality
+{{% endif %}}
+
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/tests/correct.pass.sh
index 4ffd4e5bb96..d2a75c5fd4e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/tests/correct.pass.sh
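Review bot: The `{{% if product == "ubuntu2404" %}}` branch added to accounts_password_pam_enforcing/rule.yml has no comment explaining why this one product uses the `accounts_password` template while all others keep the fixed `lineinfile` check, and its `{{% endif %}}` only appears in the following hunk (`@@ -49,3 +56,5 @@`). A Jinja comment above the conditional would help, for example `{{# ubuntu2404 compares enforcing against var_password_pam_enforcing; other products keep the lineinfile check #}}`. On products that take the `else` branch the new variable appears to be ignored, so selecting `var_password_pam_enforcing` in one of their profiles would silently have no effect. The rule's description, ocil and fix text lie outside both hunks, so whether they still describe what the ubuntu2404 branch checks cannot be confirmed from this diff. The second hunk also adds an empty line at the end of the file, which can be dropped.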
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforcing/tests/correct.pass.sh
@@ -1,3 +1,7 @@
 #!/bin/bash
+{{% if product == "ubuntu2404" %}}
+{{{ bash_pam_pwquality_enable() }}}
+{{% endif %}}
+
 echo 'enforcing = 1' > /etc/security/pwquality.conf
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/var_password_pam_enforcing.var b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/var_password_pam_enforcing.var
new file mode 100644
index 00000000000..09a65247e96
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/var_password_pam_enforcing.var
@@ -0,0 +1,17 @@
+documentation_complete: true
+
+title: enforcing
+
+description: |-
+ Disallow a password that does not meet the criteria
+
+type: number
+
+operator: equals
+
+interactive: false
+
+options:
+ 1: 1
+ default: 1
+
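Review bot: Only the passing scenario in tests/correct.pass.sh gains the guarded `{{{ bash_pam_pwquality_enable() }}}` call, and no failing scenario is touched by this diff. If the ubuntu2404 check also requires pam_pwquality to be enabled, which the need for this macro suggests, a failing scenario without it could fail for that reason rather than because of the `enforcing` value. Any existing failing scenarios in this directory should get the same guarded call so that each fails on the setting itself. If none covers it yet, a scenario that enables pam_pwquality and then writes `enforcing = 0` would confirm that the new template branch detects the weakened setting.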
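Review bot: The `title` and `description` in the new var_password_pam_enforcing.var do not say which setting the value controls or what the number means. A title such as `title: pwquality enforcing` would give it context outside this directory. The description should say that this is the value of the `enforcing` option in /etc/security/pwquality.conf, where a nonzero value makes pam_pwquality reject a password that fails the quality checks and zero only prints a warning. `options` offers only `1`, so it is worth stating that the non-enforcing value is omitted on purpose. The empty last line of the file can be dropped.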