diff --git a/src/navmessage.rs b/src/navmessage.rs
index 764af72..bba80c7 100644
--- a/src/navmessage.rs
+++ b/src/navmessage.rs
@@ -578,10 +578,16 @@ impl<S: StaticStorage> CollectNavMessage<S> {
                 tag_idx,
                 prna
             );
-            for to_add in to_add_authbits {
-                if navdata.svn() == to_add.svn() && navdata.message_bits() == to_add.message_bits()
-                {
-                    to_add.add_authbits(tag);
+            // This nma_status is known good because it has been used in the tag
+            // validation, so we can act on it to decide if we can add
+            // authentication bits.
+            if matches!(nma_status, NmaStatus::Operational | NmaStatus::Test) {
+                for to_add in to_add_authbits {
+                    if navdata.svn() == to_add.svn()
+                        && navdata.message_bits() == to_add.message_bits()
+                    {
+                        to_add.add_authbits(tag);
+                    }
                 }
             }
         } else {
diff --git a/src/osnma.rs b/src/osnma.rs
index 68cd5de..dfb4c61 100644
--- a/src/osnma.rs
+++ b/src/osnma.rs
@@ -93,7 +93,6 @@ struct OsnmaData<S: StaticStorage> {
     pubkey: PubkeyStore,
     key: KeyStore,
     only_slowmac: bool,
-    dont_use: bool,
 }
 
 #[derive(Debug, Clone)]
@@ -137,7 +136,6 @@ impl<S: StaticStorage> Osnma<S> {
                         .map_or_else(PubkeyStore::empty, PubkeyStore::from_current_pubkey),
                     key: KeyStore::empty(),
                     only_slowmac,
-                    dont_use: false,
                 },
             },
         }
@@ -289,20 +287,15 @@ impl<S: StaticStorage> OsnmaData<S> {
 
     fn process_nma_header(&mut self, nma_header: NmaHeader<Validated>, pkid: u8) {
         match nma_header.nma_status() {
-            NmaStatus::Operational => {
-                self.dont_use = false;
-            }
+            NmaStatus::Operational => {}
             NmaStatus::Test => {
                 log::info!("NMA status is test");
-                self.dont_use = false;
             }
             NmaStatus::Reserved => {
                 log::error!("NMA status has a reserved value; assuming don't use");
-                self.set_dont_use();
             }
             NmaStatus::DontUse => {
                 log::warn!("NMA status is don't use");
-                self.set_dont_use();
                 match nma_header.chain_and_pubkey_status() {
                     ChainAndPubkeyStatus::ChainRevoked => {
                         // current chain is revoked
@@ -367,11 +360,6 @@ impl<S: StaticStorage> OsnmaData<S> {
         self.key = KeyStore::empty();
     }
 
-    fn set_dont_use(&mut self) {
-        self.dont_use = true;
-        self.navmessage.reset_authbits();
-    }
-
     fn process_dsm_pkr(&mut self, dsm_pkr: DsmPkr) {
         match dsm_pkr.new_public_key_type() {
             NewPublicKeyType::EcdsaKey(_) => self.process_dsm_pkr_npk(dsm_pkr),
@@ -457,10 +445,6 @@ impl<S: StaticStorage> OsnmaData<S> {
     }
 
     fn process_tags(&mut self, current_key: &Key<Validated>) {
-        if self.dont_use {
-            return;
-        }
-
         let gst_mack = current_key.gst_subframe().add_seconds(-30);
         let gst_slowmac = gst_mack.add_seconds(-300);
         // Try to re-generate the key that was used for the MACSEQ of the