diff --git a/ash-linux/el9/RuleById/medium/content_rule_sudo_remove_nopasswd.sls b/ash-linux/el9/RuleById/medium/content_rule_sudo_remove_nopasswd.sls
index 1fbc13167..353c7b6f8 100644
--- a/ash-linux/el9/RuleById/medium/content_rule_sudo_remove_nopasswd.sls
+++ b/ash-linux/el9/RuleById/medium/content_rule_sudo_remove_nopasswd.sls
@@ -94,19 +94,17 @@ notify_{{ stig_id }}-skipSet:
 {%- if (
 sudoer != "/etc/sudoers.d/90-cloud-init-users" and sudoer != "/etc/sudoers.d/ssm-agent-users"
- ) and
- salt.file.search(sudoer, '^[a-zA-Z%@].*NOPASSWD') %}
+ ) %}
 Nuke NOPASSWD from sudoers ({{ stig_id }}) - {{ sudoer }}:
 file.replace:
 - name: '{{ sudoer }}'
 - backup: False
- - pattern: '^([a-zA-Z0-9_-][a-zA-Z0-9._-]*)(\s\s*.*)(NOPASSWD:[A-Za-z/_-]*)'
- - repl: '# Set per STIG-ID {{ stig_id }}\n\1\2'
+ - pattern: '^([a-zA-Z0-9_-][a-zA-Z0-9._-]*)(\s\s*.*)(NOPASSWD)(:[A-Za-z/_-]*)'
+ - repl: '# Set per STIG-ID {{ stig_id }}\n\1\2PASSWD\4'
 {%- elif (
 sudoer == "/etc/sudoers.d/90-cloud-init-users" or sudoer == "/etc/sudoers.d/ssm-agent-users"
- )
- and salt.file.search(sudoer, '^[a-zA-Z%@].*NOPASSWD') %}
+ ) %}
 Why Skip ({{ stig_id }}) - {{ sudoer }}:
 test.show_notification:
 - text: |
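Review bot: The new `- pattern:` line only matches sudoers entries whose first character is in `[a-zA-Z0-9_-]`, so group and netgroup specs such as `%wheel ALL=(ALL) NOPASSWD: ALL` are never rewritten — the removed `salt.file.search` guard at least looked for `^[a-zA-Z%@]`, and this hunk keeps the narrower of the two expressions without closing that gap. Allowing an optional sigil in the first group, e.g. `- pattern: '^([%@+]?[a-zA-Z0-9_-][a-zA-Z0-9._-]*)(\s\s*.*)(NOPASSWD)(:[A-Za-z/_-]*)'`, covers those lines with the same `\1\2PASSWD\4` replacement and keeps the name in `\1`. Because `(\s\s*.*)` is greedy and the match is anchored at `^`, a line carrying several NOPASSWD tags only has its last one turned into PASSWD after one apply, so a comment such as `# NOTE: greedy match rewrites only the last NOPASSWD tag per line; multi-tag entries need a second run or a non-greedy pattern` belongs next to the pattern. Dropping the guard also means the `Why Skip` notification now fires for the two exempt drop-ins on every run, whether or not they contain NOPASSWD; the `Why Skip` state's body continues past the end of the hunk.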