diff --git a/linux_os/guide/system/accounts/accounts-pam/var_password_hashing_algorithm.var b/linux_os/guide/system/accounts/accounts-pam/var_password_hashing_algorithm.var
index 59e7047bb6b..a7ca858e731 100644
--- a/linux_os/guide/system/accounts/accounts-pam/var_password_hashing_algorithm.var
+++ b/linux_os/guide/system/accounts/accounts-pam/var_password_hashing_algorithm.var
@@ -16,4 +16,4 @@ options:
 default: SHA512
 SHA512: SHA512
 SHA256: SHA256
- yescrypt: yescrypt
+ yescrypt: YESCRYPT
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/var_password_pam_unix_rounds.var b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/var_password_pam_unix_rounds.var
index d2b1522a646..5dd4c7d7c19 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/var_password_pam_unix_rounds.var
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/var_password_pam_unix_rounds.var
@@ -3,7 +3,7 @@ documentation_complete: true
 title: Password Hashing algorithm
 description: |-
- Specify the number of SHA rounds for the system password encryption algorithm.
+ Specify the number of rounds for the system password encryption algorithm.
 Defines the value set in /etc/pam.d/system-auth and /etc/pam.d/password-auth
 type: number
diff --git a/products/rhel8/profiles/anssi_bp28_enhanced.profile b/products/rhel8/profiles/anssi_bp28_enhanced.profile
index b2a2419ee21..e7e8bd2f937 100644
--- a/products/rhel8/profiles/anssi_bp28_enhanced.profile
+++ b/products/rhel8/profiles/anssi_bp28_enhanced.profile
@@ -21,6 +21,8 @@ description: |-
 selections:
 - anssi:all:enhanced
+ - var_password_hashing_algorithm=SHA512
+ - var_password_pam_unix_rounds=65536
 - '!timer_logrotate_enabled'
 # Following rules once had a prodtype incompatible with the rhel8 product
 - '!cracklib_accounts_password_pam_minlen'
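Review bot: After this change the `yescrypt` option is the only one in `var_password_hashing_algorithm.var` whose selector key and value differ in case (`yescrypt: YESCRYPT` next to `SHA512: SHA512`), and the file gives no reason for the uppercase spelling. The uppercase form matches the `ENCRYPT_METHOD` spelling in /etc/login.defs, while pam_unix takes the lowercase option name, so any check or remediation that compares this variable case-sensitively or writes it into a pam_unix argument should be confirmed against the new value; those consumers are not visible in this diff. A comment above the options, such as `# values follow the ENCRYPT_METHOD spelling used in /etc/login.defs`, would record the intent. The options block starts outside the hunk.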
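Review bot: The two selections added in `products/rhel8/profiles/anssi_bp28_enhanced.profile` are coupled, but nothing in the file says so: `var_password_pam_unix_rounds=65536` is a round count that fits SHA512, whereas yescrypt takes a small cost factor rather than a round count, so a tailoring that changes only the algorithm would leave an unsuitable rounds value behind. I would add a comment above the pair, e.g. `# rounds value is for SHA512 only; change both variables together`, in the same way the neighbouring exclusions carry a reason. The same uncommented pair is added to the rhel8 high, intermediary and minimal profiles and to all four rhel9 ANSSI profiles. It is not visible from this diff whether these profile-level values are meant to override what `anssi:all:<level>` already selects; if so, stating that in the comment would explain why the pair is repeated in eight files.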
diff --git a/products/rhel8/profiles/anssi_bp28_high.profile b/products/rhel8/profiles/anssi_bp28_high.profile
index 12bd1563827..e0c3140ea84 100644
--- a/products/rhel8/profiles/anssi_bp28_high.profile
+++ b/products/rhel8/profiles/anssi_bp28_high.profile
@@ -21,6 +21,8 @@ description: |-
 selections:
 - anssi:all:high
+ - var_password_hashing_algorithm=SHA512
+ - var_password_pam_unix_rounds=65536
 # the following rule renders UEFI systems unbootable
 - '!sebool_secure_mode_insmod'
 - '!timer_logrotate_enabled'
diff --git a/products/rhel8/profiles/anssi_bp28_intermediary.profile b/products/rhel8/profiles/anssi_bp28_intermediary.profile
index f99e4622afd..091b2567347 100644
--- a/products/rhel8/profiles/anssi_bp28_intermediary.profile
+++ b/products/rhel8/profiles/anssi_bp28_intermediary.profile
@@ -21,6 +21,8 @@ description: |-
 selections:
 - anssi:all:intermediary
+ - var_password_hashing_algorithm=SHA512
+ - var_password_pam_unix_rounds=65536
 # Following rules once had a prodtype incompatible with the rhel8 product
 - '!cracklib_accounts_password_pam_minlen'
 - '!accounts_passwords_pam_tally2_deny_root'
diff --git a/products/rhel8/profiles/anssi_bp28_minimal.profile b/products/rhel8/profiles/anssi_bp28_minimal.profile
index aa606b38baa..c07e2651dff 100644
--- a/products/rhel8/profiles/anssi_bp28_minimal.profile
+++ b/products/rhel8/profiles/anssi_bp28_minimal.profile
@@ -21,6 +21,8 @@ description: |-
 selections:
 - anssi:all:minimal
+ - var_password_hashing_algorithm=SHA512
+ - var_password_pam_unix_rounds=65536
 # Following rules once had a prodtype incompatible with the rhel8 product
 - '!cracklib_accounts_password_pam_minlen'
 - '!accounts_passwords_pam_tally2_deny_root'
diff --git a/products/rhel9/profiles/anssi_bp28_enhanced.profile b/products/rhel9/profiles/anssi_bp28_enhanced.profile
index a85a8412007..06d0a1185d4 100644
--- a/products/rhel9/profiles/anssi_bp28_enhanced.profile
+++ b/products/rhel9/profiles/anssi_bp28_enhanced.profile
@@ -21,6 +21,8 @@ description: |-
 selections:
 - anssi:all:enhanced
+ - var_password_hashing_algorithm=SHA512
+ - var_password_pam_unix_rounds=65536
 # Following rules once had a prodtype incompatible with the rhel9 product
 - '!partition_for_opt'
 - '!accounts_passwords_pam_tally2_deny_root'
diff --git a/products/rhel9/profiles/anssi_bp28_high.profile b/products/rhel9/profiles/anssi_bp28_high.profile
index 6a0d74b6138..f94f706a42d 100644
--- a/products/rhel9/profiles/anssi_bp28_high.profile
+++ b/products/rhel9/profiles/anssi_bp28_high.profile
@@ -21,6 +21,8 @@ description: |-
 selections:
 - anssi:all:high
+ - var_password_hashing_algorithm=SHA512
+ - var_password_pam_unix_rounds=65536
 # the following rule renders UEFI systems unbootable
 - '!sebool_secure_mode_insmod'
 # Following rules once had a prodtype incompatible with the rhel9 product
diff --git a/products/rhel9/profiles/anssi_bp28_intermediary.profile b/products/rhel9/profiles/anssi_bp28_intermediary.profile
index 6ea26cae699..3444fb82868 100644
--- a/products/rhel9/profiles/anssi_bp28_intermediary.profile
+++ b/products/rhel9/profiles/anssi_bp28_intermediary.profile
@@ -21,6 +21,8 @@ description: |-
 selections:
 - anssi:all:intermediary
+ - var_password_hashing_algorithm=SHA512
+ - var_password_pam_unix_rounds=65536
 # Following rules once had a prodtype incompatible with the rhel9 product
 - '!partition_for_opt'
 - '!cracklib_accounts_password_pam_minlen'
diff --git a/products/rhel9/profiles/anssi_bp28_minimal.profile b/products/rhel9/profiles/anssi_bp28_minimal.profile
index b58ee599046..9d739a5c029 100644
--- a/products/rhel9/profiles/anssi_bp28_minimal.profile
+++ b/products/rhel9/profiles/anssi_bp28_minimal.profile
@@ -21,6 +21,8 @@ description: |-
 selections:
 - anssi:all:minimal
+ - var_password_hashing_algorithm=SHA512
+ - var_password_pam_unix_rounds=65536
 # Following rules once had a prodtype incompatible with the rhel9 product
 - '!cracklib_accounts_password_pam_minlen'
 - '!accounts_passwords_pam_tally2_deny_root'