diff --git a/defaults/main.yml b/defaults/main.yml
index bf642e5..bc26e8c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -827,7 +827,7 @@ cis_ubuntu2404_section3_mode_default: "0644"
 cis_ubuntu2404_section5_owner_ssh: root
 cis_ubuntu2404_section5_group_ssh: root
 cis_ubuntu2404_section5_mode_ssh: "0600"
-cis_ubuntu2404_section5_mode_ssh_pub: "1410"
+cis_ubuntu2404_section5_mode_ssh_pub: "0644"
 cis_ubuntu2404_section5_owner_sudo: root
 cis_ubuntu2404_section5_group_sudo: root
 cis_ubuntu2404_section5_mode_sudo: "0400"
diff --git a/tasks/section4.yml b/tasks/section4.yml
index 53100ab..e9738e1 100644
--- a/tasks/section4.yml
+++ b/tasks/section4.yml
@@ -125,7 +125,7 @@
 from: "::1"
 log: false
 when:
- - not cis_ubuntu2404_rule_3_1_1 and cis_ubuntu2404_required_ipv6
+ - not cis_ubuntu2404_rule_3_1_1 or (cis_ubuntu2404_rule_3_1_1 and cis_ubuntu2404_required_ipv6)
 - name: "SECTION4 | 4.2.5 | Ensure ufw outbound connections are configured"
 community.general.ufw:
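Review bot: The corrected default for `cis_ubuntu2404_section5_mode_ssh_pub` in defaults/main.yml has no comment recording why it is `"0644"`, and the previous `"1410"` shows how easily a wrong mode string goes unnoticed in this list. I would add a line above it such as `# SSH public host key files: 0644 or more restrictive; keep the value a quoted octal string`. The task that consumes this variable is outside the hunk, so it is worth confirming that it re-applies the mode to key files already set from the old default, not only to files it newly finds.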
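Review bot: The new `when` entry in tasks/section4.yml spells out `not A or (A and B)`, which is logically the same as `not A or B`, so repeating `cis_ubuntu2404_rule_3_1_1` only makes the gate on this `::1` ufw rule harder to audit. Both variables are also tested as bare names; if either arrives as a string (for example through `-e` on the command line), `not "false"` evaluates to false and the IPv6 loopback rule would presumably be skipped without any error. I would write the line as `- not (cis_ubuntu2404_rule_3_1_1 | bool) or (cis_ubuntu2404_required_ipv6 | bool)`. The task this condition belongs to starts above the hunk, so the rule and direction it applies are not visible here.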