diff --git a/.DS_Store b/.DS_Store
deleted file mode 100644
index 65b247f9..00000000
Binary files a/.DS_Store and /dev/null differ
diff --git a/defaults/main.yml b/defaults/main.yml
index 230d4c10..7a25e859 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -612,6 +612,11 @@ ubtu20cis_pass:
 warn_age: 7
 inactive: 30
 
+# Control 5.5.4
+# ubtu120cis_bash_umask is the umask to set in the /etc/bash.bashrc and /etc/profile.
+# The value needs to be 027 or more restrictive to comply with CIS standards
+ubtu20cis_bash_umask: '027'
+
 # Control 5.5.5
 # Session timeout setting file (TMOUT setting can be set in multiple files)
 # Timeout value is in seconds. Set value to 900 seconds or less
diff --git a/tasks/section_5/cis_5.5.x.yml b/tasks/section_5/cis_5.5.x.yml
index 0a53c085..cfc74c4f 100644
--- a/tasks/section_5/cis_5.5.x.yml
+++ b/tasks/section_5/cis_5.5.x.yml
@@ -213,10 +213,10 @@
 when: ubtu20cis_5_5_4_umask_pam_status.stdout | length == 0
 
 - name: "AUTOMATED | 5.5.4 | PATCH | Ensure default user umask is 027 or more restrictive"
- replace:
+ lineinfile:
 path: "{{ item }}"
- regexp: '(?i)^((?!#)umask)\s+0[0,2,5][0,2,5]'
- replace: '\1 027'
+ regexp: '^umask '
+ line: "umask {{ ubtu20cis_bash_umask }}"
 with_items:
 - /etc/bash.bashrc
 - /etc/profile
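Review bot: The comment added above the new variable names it `ubtu120cis_bash_umask`, while the variable defined on the next line is `ubtu20cis_bash_umask`; the extra digit will send readers grepping for a name that does not exist. Change the line to `# ubtu20cis_bash_umask is the umask to set in /etc/bash.bashrc and /etc/profile.`. Quoting the value as `'027'` is the right call and worth keeping: unquoted `027` is read as an octal integer (23) by YAML 1.1 loaders such as PyYAML, which would render `umask 23` into the target files.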
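Review bot: The new `regexp: '^umask '` on the lineinfile task matches any umask line whatever its value, so a host that already carries `umask 077` is rewritten to the variable's value and loosened, whereas the pattern it replaces only touched permissive `0[025][025]` settings. It also requires the keyword at column 0 followed by exactly one space, so an indented or tab-separated `umask` line is not matched and lineinfile appends a second `umask` line at end of file instead. A pattern such as `regexp: '^\s*umask\s+(?!0[2367]7\b)'` tolerates leading whitespace and tabs and leaves compliant values untouched, though lineinfile will still append the line when nothing matches, so a stricter existing value would need a pre-check or a `when:` on the task, in the style of the `ubtu20cis_5_5_4_umask_pam_status` check visible above it. Since the written value now comes from `ubtu20cis_bash_umask`, an assert that the variable matches `'^0[2367]7$'` would stop a loosened default from being applied under a control named "027 or more restrictive". The task's neighbours continue outside the hunk; the `when:` at the top belongs to the preceding task.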