diff --git a/cfg/cis-1.5/controlplane.yaml b/cfg/cis-1.5/controlplane.yaml
index 94bfff7c31d862091ca59161d1c3e2b346491a40..51c2612b1e8eec053be1121cc8cf3b3ddb60e6fd 100644
--- a/cfg/cis-1.5/controlplane.yaml
+++ b/cfg/cis-1.5/controlplane.yaml
@@ -21,7 +21,11 @@ groups:
     checks:
       - id: 3.2.1
         text: "Ensure that a minimal audit policy is created (Scored)"
-        type: "manual"
+        audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
+        tests:
+          test_items:
+            - flag: "--audit-policy-file"
+              set: true
         remediation: |
           Create an audit policy file for your cluster.
         scored: true
diff --git a/cfg/cis-1.6/controlplane.yaml b/cfg/cis-1.6/controlplane.yaml
index c116fdb0e463ec4be24585e3d92654516554a193..d4038c3b42374ae3c683bb3914455430178e99f4 100644
--- a/cfg/cis-1.6/controlplane.yaml
+++ b/cfg/cis-1.6/controlplane.yaml
@@ -21,7 +21,11 @@ groups:
     checks:
       - id: 3.2.1
         text: "Ensure that a minimal audit policy is created (Manual)"
-        type: "manual"
+        audit: "/bin/ps -ef | grep $apiserverbin | grep -v grep"
+        tests:
+          test_items:
+            - flag: "--audit-policy-file"
+              set: true
         remediation: |
           Create an audit policy file for your cluster.
         scored: false
diff --git a/cfg/config.yaml b/cfg/config.yaml
index 52360fb137885302b36880facf7ee560f79f3897..c25c1035f5bdec9cab7cc16a1669dd157ac27966 100644
--- a/cfg/config.yaml
+++ b/cfg/config.yaml
@@ -186,7 +186,15 @@ etcd:
     defaultconf: /etc/kubernetes/manifests/etcd.yaml
 
 controlplane:
-  components: []
+  components:
+    - apiserver
+
+  apiserver:
+    bins:
+      - "kube-apiserver"
+      - "hyperkube apiserver"
+      - "hyperkube kube-apiserver"
+      - "apiserver"
 
 policies:
   components: []
diff --git a/integration/testdata/cis-1.5/job.data b/integration/testdata/cis-1.5/job.data
index 89d6d35fcd3fa8bf7cd401d104efc03551ed1fba..e3a6456891238228ca3c77069c4207917e3a8b7b 100644
--- a/integration/testdata/cis-1.5/job.data
+++ b/integration/testdata/cis-1.5/job.data
@@ -193,7 +193,7 @@ on the master node and set the below parameter.
 [INFO] 3.1 Authentication and Authorization
 [WARN] 3.1.1 Client certificate authentication should not be used for users (Not Scored)
 [INFO] 3.2 Logging
-[WARN] 3.2.1 Ensure that a minimal audit policy is created (Scored)
+[FAIL] 3.2.1 Ensure that a minimal audit policy is created (Scored)
 [WARN] 3.2.2 Ensure that the audit policy covers key security concerns (Not Scored)
 
 == Remediations ==
@@ -208,8 +208,8 @@ minimum.
 
 == Summary ==
 0 checks PASS
-0 checks FAIL
-3 checks WARN
+1 checks FAIL
+2 checks WARN
 0 checks INFO
 [INFO] 4 Worker Node Security Configuration
 [INFO] 4.1 Worker Node Configuration Files