diff --git a/etc/kayobe/ansible/cis.yml b/etc/kayobe/ansible/cis.yml
index 7f41ad9fac..a574bd294e 100644
--- a/etc/kayobe/ansible/cis.yml
+++ b/etc/kayobe/ansible/cis.yml
@@ -13,7 +13,7 @@
 that:
 - ssh_key_type != 'ed25519'
 fail_msg: FIPS policy does not currently support ed25519 SSH keys on RHEL family systems
- when: ansible_facts.os_family == 'RedHat'
+ when: ansible_facts.os_family == 'RedHat' and rhel9cis_crypto_policy == 'FIPS'
 - name: Ensure the cron package is installed on ubuntu
 package:
diff --git a/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis b/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis
new file mode 100644
index 0000000000..fe8b080d0e
--- /dev/null
+++ b/etc/kayobe/environments/ci-aio/inventory/group_vars/cis-hardening/cis
@@ -0,0 +1,9 @@
+---
+##############################################################################
+# Rocky 9 CIS Hardening Configuration
+
+# NOTE: Using DEFAULT crypto policy in CI. FIPS breaks ed25519 SSH keys, and
+# FUTURE breaks wazuh agent repo metadata download.
+rhel9cis_crypto_policy: DEFAULT
+
+##############################################################################
diff --git a/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis b/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis
new file mode 100644
index 0000000000..fe8b080d0e
--- /dev/null
+++ b/etc/kayobe/environments/ci-multinode/inventory/group_vars/cis-hardening/cis
@@ -0,0 +1,9 @@
+---
+##############################################################################
+# Rocky 9 CIS Hardening Configuration
+
+# NOTE: Using DEFAULT crypto policy in CI. FIPS breaks ed25519 SSH keys, and
+# FUTURE breaks wazuh agent repo metadata download.
+rhel9cis_crypto_policy: DEFAULT
+
+##############################################################################
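Review bot: In etc/kayobe/ansible/cis.yml the new `when` reads `rhel9cis_crypto_policy` directly, but this diff only defines that variable for the two CI environments, so it is not clear from here that it is always in scope for this play-level task. If it is undefined on a RedHat host the task will error, and guarding it with a plain skip would silently drop the pre-check that stops FIPS being applied while ed25519 keys are in use. I would make the unknown case fall back to the previous behaviour: `when: ansible_facts.os_family == 'RedHat' and (rhel9cis_crypto_policy | default('FIPS')) == 'FIPS'`. A comment above it such as `# The ed25519 restriction applies under FIPS; an unset policy is treated as FIPS so the check still runs` would record why. The task this condition belongs to starts above the hunk, so its name and the start of the assert are not visible.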
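Review bot: The NOTE in the new ci-aio `group_vars/cis-hardening/cis` file explains why CI avoids FIPS and FUTURE, but it does not say that `DEFAULT` is a deliberate CI-only relaxation, so the file reads like a template that could be copied into a real environment. It presumably also means the CI jobs do not exercise the stricter policies, which is worth stating so nobody assumes they are covered. I would add a line such as `# CI-only override; do not copy into production environments.` directly above `rhel9cis_crypto_policy: DEFAULT`. The ci-multinode file added in the next hunk is identical (same blob `fe8b080d0e`), so the same comment applies there; if the environment layout allows a shared definition, that would stop the two copies from drifting.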