diff --git a/Changelog.md b/Changelog.md
index 41f93930..ccdbd51c 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -18,6 +18,7 @@
 
 - README new layout
 - Added test for rule 4.3.4 check user is using sudo has password set before NOPASSWD removed from sudoers
+- grub password check update thanks to @Acenl12 on discord
 
 ## V1.0.1
 - based upon CIS 1.1.0
diff --git a/defaults/main.yml b/defaults/main.yml
index e42dfe03..464def5a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -477,7 +477,10 @@ ubtu20cis_set_grub_password: true
 ubtu20cis_grub_user_file: /etc/grub.d/40_custom
 ubtu20cis_grub_user: root
 ubtu20cis_grub_file: /boot/grub/grub.cfg
-ubtu20cis_bootloader_password_hash: "grub.pbkdf2.sha512.10000" # pragma: allowlist secret
+
+ # This is used to set the password in grub the full string is required.
+ # It is suggested that this variable is overridden by your setup e.g. inventory/ groupvars / vaults etc
+ubtu20cis_bootloader_password_hash: "grub.pbkdf2.sha512.10000.ChangeMe" # pragma: allowlist secret
 
 # Change the following value to true if you wish to be prompted to get past grub bootloader
 ubtu20cis_ask_passwd_to_boot: false
diff --git a/tasks/main.yml b/tasks/main.yml
index 8994906f..2083b7e0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -18,8 +18,8 @@
 - name: Ensure grub password has been changed
 ansible.builtin.assert:
 that:
- '"ChangeMe" not in ubtu20cis_grub_pw'
- '"grub.pbkdf2.sha512.1000" in ubtu20cis_grub_pw'
+ '"ChangeMe" not in ubtu20cis_bootloader_password_hash'
+ '"grub.pbkdf2.sha512.1000" in ubtu20cis_bootloader_password_hash'
 fail_msg: "The default grub password has not been changed"
 when:
 - ubtu20cis_set_grub_password
diff --git a/templates/ansible_vars_goss.yml.j2 b/templates/ansible_vars_goss.yml.j2
index fb608066..69463623 100644
--- a/templates/ansible_vars_goss.yml.j2
+++ b/templates/ansible_vars_goss.yml.j2
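Review bot: The new comment on `ubtu20cis_bootloader_password_hash` in defaults/main.yml says the full string is required but never says what that string looks like, so whoever overrides it in inventory or a vault has to guess the format. I would extend the comment with `# Expected format: grub.pbkdf2.sha512.<iterations>.<salt>.<hash>, as printed by grub-mkpasswd-pbkdf2`. It is also worth stating here that the `ChangeMe` suffix is the placeholder the assert in tasks/main.yml rejects, e.g. `# The ChangeMe placeholder is rejected by the "Ensure grub password has been changed" task`, so the two files stay in sync when one is edited.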
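Review bot: The two substring conditions on `ubtu20cis_bootloader_password_hash` in tasks/main.yml do not establish that a usable hash was supplied: the pre-change default `grub.pbkdf2.sha512.10000`, which has no salt or digest, passes both, and so does any value that merely contains `grub.pbkdf2.sha512.1000` somewhere. A format check would close that gap; replace the second condition with `- 'ubtu20cis_bootloader_password_hash is match("^grub[.]pbkdf2[.]sha512[.][0-9]+[.][0-9A-Fa-f]+[.][0-9A-Fa-f]+$")'`. Naming the variable in the failure text would also help the operator, e.g. `fail_msg: "ubtu20cis_bootloader_password_hash still holds the default or an incomplete grub hash"`. The `when` list may continue past the end of the hunk.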
@@ -373,7 +373,7 @@ ubtu20cis_allow_autofs: {{ ubtu20cis_allow_autofs }}
 ubtu20cis_grub_conf_file: /boot/grub/grub.cfg
 ubtu20cis_grub_user_file: {{ ubtu20cis_grub_user_file }}
 ubtu20cis_grub_username: {{ ubtu20cis_grub_user }}
-ubtu20cis_grub_hash: {{ ubtu20cis_grub_pw }}
+ubtu20cis_grub_hash: {{ ubtu20cis_bootloader_password_hash }}
 ubtu20cis_root_pw: {{ ubtu20cis_root_pw }}