diff --git a/products/ubuntu2204/profiles/cis_level2_server.profile b/products/ubuntu2204/profiles/cis_level2_server.profile
index 4b0dacb93528..620b323f7bb7 100644
--- a/products/ubuntu2204/profiles/cis_level2_server.profile
+++ b/products/ubuntu2204/profiles/cis_level2_server.profile
@@ -9,6 +9,9 @@ description: |-
 extends: cis_level1_server
 
 selections:
+    ### Variables
+    - var_accounts_passwords_pam_faillock_dir=run
+
     #### 1.1.1.2 Ensure mounting of squashfs filesystems is disabled (Automated)
     - kernel_module_squashfs_disabled
 
@@ -155,9 +158,8 @@ selections:
     - audit_rules_session_events
 
     #### 4.1.3.12 Ensure login and logout events are collected (Automated)
-    - audit_rules_login_events_faillog
+    - audit_rules_login_events_faillock
     - audit_rules_login_events_lastlog
-    - audit_rules_login_events_tallylog
 
     #### 4.1.3.13 Ensure file deletion events by users are collected (Automated)
     - audit_rules_file_deletion_events_rename
diff --git a/products/ubuntu2204/profiles/cis_level2_workstation.profile b/products/ubuntu2204/profiles/cis_level2_workstation.profile
index 0fbe66e2258c..322279d2985f 100644
--- a/products/ubuntu2204/profiles/cis_level2_workstation.profile
+++ b/products/ubuntu2204/profiles/cis_level2_workstation.profile
@@ -9,6 +9,9 @@ description: |-
 extends: cis_level1_workstation
 
 selections:
+    ### Variables
+    - var_accounts_passwords_pam_faillock_dir=run
+
     #### 1.1.1.2 Ensure mounting of squashfs filesystems is disabled (Automated)
     - kernel_module_squashfs_disabled
 
@@ -167,9 +170,8 @@ selections:
     - audit_rules_session_events
 
     #### 4.1.3.12 Ensure login and logout events are collected (Automated)
-    - audit_rules_login_events_faillog
+    - audit_rules_login_events_faillock
     - audit_rules_login_events_lastlog
-    - audit_rules_login_events_tallylog
 
     #### 4.1.3.13 Ensure file deletion events by users are collected (Automated)
     - audit_rules_file_deletion_events_rename