diff --git a/exceptions/exceptionprocessor.go b/exceptions/exceptionprocessor.go
index 602d9cb1..7d5e89a3 100644
--- a/exceptions/exceptionprocessor.go
+++ b/exceptions/exceptionprocessor.go
@@ -67,19 +67,19 @@ func ListRuleExceptions(exceptionPolicies []armotypes.PostureExceptionPolicy, fr
 
 func ruleHasExceptions(exceptionPolicy *armotypes.PostureExceptionPolicy, frameworkName, controlName, controlID, ruleName string) bool {
 for _, posturePolicy := range exceptionPolicy.PosturePolicies {
- if posturePolicy.FrameworkName == "" && posturePolicy.ControlName == "" && posturePolicy.RuleName == "" {
+ if posturePolicy.FrameworkName == "" && posturePolicy.ControlName == "" && posturePolicy.ControlID == "" && posturePolicy.RuleName == "" {
 continue // empty policy -> ignore
 }
- if posturePolicy.FrameworkName != "" && strings.EqualFold(posturePolicy.FrameworkName, frameworkName) {
+ if posturePolicy.FrameworkName != "" && !strings.EqualFold(posturePolicy.FrameworkName, frameworkName) {
 continue // policy does not match
 }
- if posturePolicy.ControlName != "" && strings.EqualFold(posturePolicy.ControlName, controlName) {
+ if posturePolicy.ControlName != "" && !strings.EqualFold(posturePolicy.ControlName, controlName) {
 continue // policy does not match
 }
- if posturePolicy.ControlID != "" && strings.EqualFold(posturePolicy.ControlID, controlID) {
+ if posturePolicy.ControlID != "" && !strings.EqualFold(posturePolicy.ControlID, controlID) {
 continue // policy does not match
 }
- if posturePolicy.RuleName != "" && strings.EqualFold(posturePolicy.RuleName, ruleName) {
+ if posturePolicy.RuleName != "" && !strings.EqualFold(posturePolicy.RuleName, ruleName) {
 continue // policy does not match
 }
 return true // policies match
diff --git a/exceptions/exceptionprocessor_test.go b/exceptions/exceptionprocessor_test.go
index d35bd0e9..3c66fe66 100644
--- a/exceptions/exceptionprocessor_test.go
+++ b/exceptions/exceptionprocessor_test.go
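Review bot: `ruleHasExceptions` in exceptionprocessor.go still has no comment stating its matching contract, and the corrected conditions are exactly where that contract lives: an empty policy field acts as a wildcard, every non-empty field must match case-insensitively, and an empty caller argument never matches a policy field that is set. A true result presumably means a posture finding is treated as excepted, so a policy that sets only `FrameworkName` covers every control and rule in that framework; that breadth deserves to be written down. I would add above the function `// ruleHasExceptions reports whether any posture policy in exceptionPolicy applies: empty policy fields are wildcards, all non-empty fields must match (case-insensitive).` Whether an empty `frameworkName` or `controlID` argument is meant to be a non-match cannot be told from the hunk and should be stated either way. The function's closing lines are outside the hunk.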
@@ -39,13 +39,12 @@ func PostureExceptionPolicyAlertOnlyMock() *armotypes.PostureExceptionPolicy {
 func TestListRuleExceptions(t *testing.T) {
 exceptionPolicies := []armotypes.PostureExceptionPolicy{*PostureExceptionPolicyAlertOnlyMock()}
 res1 := ListRuleExceptions(exceptionPolicies, "MITRE", "", "", "")
+ assert.Equal(t, len(res1), 1)
 if len(res1) != 1 {
 t.Errorf("expecting 1 exception")
 }
 res2 := ListRuleExceptions(exceptionPolicies, "", "hostPath mount", "", "")
- if len(res2) != 0 {
- t.Errorf("expecting 0 exception")
- }
+ assert.Equal(t, len(res2), 0)
 }
 
 func TestRegexCompare(t *testing.T) {
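Review bot: Both new `assert.Equal` calls in `TestListRuleExceptions` pass the actual value before the expected one; assuming `assert` is testify's, the signature is `assert.Equal(t, expected, actual)`, so a failure would report the two values the wrong way round. Write `assert.Equal(t, 1, len(res1))` and `assert.Equal(t, 0, len(res2))`, or `assert.Len(t, res1, 1)` and `assert.Empty(t, res2)`. The `if len(res1) != 1 { t.Errorf(...) }` left under the first assert now duplicates it and can be removed. The commit corrects an inverted comparison on four fields, yet only a framework match and a control-name mismatch are exercised here; cases for a `ControlID` mismatch and a `RuleName` mismatch would pin the corrected behaviour, so that a future inversion cannot silently widen or drop exceptions.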