diff --git a/.github/workflows/devel_pipeline_validation.yml b/.github/workflows/devel_pipeline_validation.yml
index a4e7d48..8d9d15c 100644
--- a/.github/workflows/devel_pipeline_validation.yml
+++ b/.github/workflows/devel_pipeline_validation.yml
@@ -115,7 +115,7 @@
 # Run the ansible playbook
 - name: Run_Ansible_Playbook
- uses: arillso/action.playbook@master
+ uses: ansible-lockdown/action.playbook@main
 with:
 playbook: site.yml
 inventory: .github/workflows/github_linux_IaC/hosts.yml
diff --git a/.github/workflows/main_pipeline_validation.yml b/.github/workflows/main_pipeline_validation.yml
index 0b149fb..90415c4 100644
--- a/.github/workflows/main_pipeline_validation.yml
+++ b/.github/workflows/main_pipeline_validation.yml
@@ -104,7 +104,7 @@
 # Run the ansible playbook
 - name: Run_Ansible_Playbook
- uses: arillso/action.playbook@master
+ uses: ansible-lockdown/action.playbook@main
 with:
 playbook: site.yml
 inventory: .github/workflows/github_linux_IaC/hosts.yml
diff --git a/Changelog.md b/Changelog.md
index 314395c..75da505 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,8 @@
 # Amazon 2023 CIS - 26th June 2023
-## Initial release
+## 0.91
+
+- issue #2 thanks to @babinskiy
+- moved to self hosted action after forking from arillso
+
+## Initial release 0.9
diff --git a/tasks/prelim.yml b/tasks/prelim.yml
index e858806..504bf4b 100644
--- a/tasks/prelim.yml
+++ b/tasks/prelim.yml
@@ -120,6 +120,10 @@
 ansible.builtin.set_fact:
 grub2_path: /etc/grub2-efi.cfg
 when: amzn2023cis_efi_boot.stat.exists
+ when:
+ - amzn2023cis_rule_1_4_1
+ tags:
+ - always
 - name: "PRELIM | Update to latest gpg keys"
 ansible.builtin.package:
@@ -260,3 +264,8 @@
 manager: auto
 tags:
 - always
+
+- name: "PRELIM | Set audit to not run if amazon 2023"
+ ansible.builtin.set_fact:
+ run_audit: false
+ when: ansible_distribution_major_version == '2023'
diff --git a/tasks/section_1/cis_1.4.x.yml b/tasks/section_1/cis_1.4.x.yml
index 65e5905..fde251b 100644
--- a/tasks/section_1/cis_1.4.x.yml
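Review bot: The new `uses: ansible-lockdown/action.playbook@main` still points at a mutable branch, so whatever lands on that fork's `main` runs inside this job with whatever token and secrets the job exposes; the identical hunk in `.github/workflows/main_pipeline_validation.yml` has the same issue. Pinning a third-party action to a full-length commit SHA, with the tag recorded in a trailing comment, is the usual supply-chain control, e.g. `uses: ansible-lockdown/action.playbook@<full-commit-sha>  # <tag>`, and Dependabot or a periodic manual check can move the pin. Moving to a fork you control narrows who can push to that ref but does not replace the pin, since a branch can still be rewritten.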
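Review bot: The added `when:` list sits on the same set_fact task that already carries `when: amzn2023cis_efi_boot.stat.exists` (indentation is not recoverable from this collapsed hunk, but the added `tags:` beside it makes task level likely), so the task mapping ends up with two `when` keys; Ansible's YAML loader warns about the duplicate and keeps only the last value, which drops the EFI-existence condition and sets `grub2_path: /etc/grub2-efi.cfg` even on hosts where that file does not exist whenever rule 1.4.1 is enabled. Fold both conditions into the one list: `when:` / `- amzn2023cis_rule_1_4_1` / `- amzn2023cis_efi_boot.stat.exists`. The task's first lines are outside the hunk.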
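Review bot: The new `PRELIM | Set audit to not run if amazon 2023` task has no `tags:` entry, while the neighbouring tasks in this file carry `tags:` / `- always` (visible in the context lines just above and in the earlier hunk), so a tag-restricted run skips it and `run_audit` keeps its default value. Adding `tags:` / `- always` keeps it consistent with the rest of prelim.yml. A one-line comment above the task giving the reason audit is disabled for this distribution would also help, since the task name says what happens but not why.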
+++ b/tasks/section_1/cis_1.4.x.yml
@@ -20,9 +20,9 @@
 - name: "1.4.1 | PATCH | Ensure permissions on bootloader config are configured | efi boot"
 ansible.builtin.lineinfile:
 path: /etc/fstab
- regexp: (.*\/boot\/efi\s+vfat\s+defaults)
+ regexp: '(.*\/boot\/efi\s+vfat\s+defaults,.*)umask=00\d\d,(fmask=\d\d\d\d,|)(.*$)'
 backrefs: true
- line: '\1,umask=0027,fmask=0077,uid=0,gid=0 0 0'
+ line: '\1umask=0027,fmask=0077,\3'
 when: not amzn2023cis_legacy_boot
 when:
 - amzn2023cis_rule_1_4_1
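Review bot: The new regexp only matches an `/boot/efi` entry that already contains `umask=00\d\d` followed by a comma, so an entry with no umask option, or with umask as the last option (`...,umask=0077 0 0`), is not matched; because `backrefs: true` makes lineinfile leave the file untouched and report ok on no match, the control is then silently not applied where the old pattern would have appended the options. Making the existing tokens optional covers those cases and stays idempotent: `regexp: '(.*\/boot\/efi\s+vfat\s+defaults)(,umask=\d+)?(,fmask=\d+)?(.*)$'` with `line: '\1,umask=0027,fmask=0077\4'`. Entries where other options precede umask still end up with a second umask token under either pattern, so registering the result and asserting on the rewritten line, or a separate audit task, would catch a silent no-op. The replacement also no longer sets `uid=0,gid=0` as the old line did; if that is intentional it deserves a comment on the task.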