diff --git a/files/common/etc/profile.d/set-umask-for-all-users.sh b/files/common/etc/profile.d/set-umask-for-all-users.sh
new file mode 100644
index 000000000..4b6031ac0
--- /dev/null
+++ b/files/common/etc/profile.d/set-umask-for-all-users.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+umask 027
diff --git a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
index 457bc82f9..0f3b59ba6 100644
--- a/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
+++ b/files/common/var/lib/delphix-platform/ansible/10-delphix-platform/roles/delphix-platform/tasks/main.yml
@@ -679,4 +679,15 @@
     block: |
       . /etc/bash_completion.d/systemctl
       . /etc/bash_completion.d/zfs
-      PATH=$PATH:/opt/delphix/server/bin
\ No newline at end of file
+      PATH=$PATH:/opt/delphix/server/bin
+
+#
+# CIS: Set default umask (DLPX-87205)
+# We need to set default umask as 027 in the /etc/bash.bashrc file,
+# so that the same can be applied for all the users on the engine.
+#
+- blockinfile:
+    path: /etc/bash.bashrc
+    block: |
+      # Set default umask value.
+      umask 027