diff --git a/README.md b/README.md index 2f8086c1d65567366cf2b77c0bc4d11431e5fadf..2fdb6af614560400f24b53cfdd40585d065ef1c4 100644 --- a/README.md +++ b/README.md @@ -232,6 +232,9 @@ These operations are: - `lte`: tests if the flag value is less than or equal to the compared value. - `has`: tests if the flag value contains the compared value. - `nothave`: tests if the flag value does not contain the compared value. +- `regex`: tests if the flag value matches the compared value regular expression. + +When defining regular expressions in YAML it is generally easier to wrap them in single quotes, for example `'^[abc]$'`, to avoid issues with string escaping. # Roadmap Going forward we plan to release updates to kube-bench to add support for new releases of the Benchmark, which in turn we can anticipate being made for each new Kubernetes release. diff --git a/check/data b/check/data index 116a5f9fb3b20aed0f0a3f33587e4d4a95b06e72..7e41a9f4a146f4d2a292913ad310722f73529932 100644 --- a/check/data +++ b/check/data @@ -297,3 +297,13 @@ groups: op: eq value: "false" set: true + + - id: 26 + text: "check regex op matches" + tests: + test_items: + - path: "{.currentMasterVersion}" + compare: + op: regex + value: '^1\.12.*$' + set: true diff --git a/check/test.go b/check/test.go index d27750aec42673f553f2593314cd260fdcc5f84f..b15cb8b41e69bc33b23508a0a830db5be64417dd 100644 --- a/check/test.go +++ b/check/test.go @@ -185,6 +185,11 @@ func (t *testItem) execute(s string) *testOutput { case "nothave": expectedResultPattern = " '%s' not have '%s'" result.testResult = !strings.Contains(flagVal, t.Compare.Value) + + case "regex": + expectedResultPattern = " '%s' matched by '%s'" + opRe := regexp.MustCompile(t.Compare.Value) + result.testResult = opRe.MatchString(flagVal) } result.ExpectedResult = fmt.Sprintf(expectedResultPattern, t.Flag, t.Compare.Value) 
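Review bot: `regexp.MustCompile(t.Compare.Value)` in the new `regex` case panics when the pattern is not a valid expression, and the pattern comes from the check definition YAML, so one malformed `value` aborts the whole run instead of failing that single check. Use `opRe, err := regexp.Compile(t.Compare.Value)` and report `err` the way this function reports other failures; that path is not visible here, since `execute` starts and ends outside the hunk. `MatchString` is also unanchored, so a pattern written without `^` and `$` passes on any substring of the flag value. A comment above the case such as `// unanchored match: patterns need ^ and $ to test the whole value`, repeated in the README entry, would keep a benchmark check from passing on a partial match.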
diff --git a/check/test_test.go b/check/test_test.go index 308dcad2824c75f4c655ae470d9b062fb9351122..a74679c0c1352263635f79a016210329800e5dd0 100644 --- a/check/test_test.go +++ b/check/test_test.go @@ -152,6 +152,10 @@ func TestTestExecute(t *testing.T) { controls.Groups[0].Checks[22], "authentication:\n anonymous:\n enabled: false", }, + { + controls.Groups[0].Checks[26], + "currentMasterVersion: 1.12.7", + }, } for _, c := range cases { @@ -180,6 +184,14 @@ func TestTestExecuteExceptions(t *testing.T) { controls.Groups[0].Checks[25], "broken } yaml\nenabled: true", }, + { + controls.Groups[0].Checks[26], + "currentMasterVersion: 1.11", + }, + { + controls.Groups[0].Checks[26], + "currentMasterVersion: ", + }, } for _, c := range cases {
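Review bot: The cases added to `TestTestExecuteExceptions` cover a non-matching version and an empty value, but none exercises a malformed pattern, which is the input that makes the `regexp.MustCompile` call in check/test.go panic. A fixture in check/data with an invalid `value`, plus a case here, would pin how that condition is reported. A near-miss value such as `currentMasterVersion: 21.12.7` (constructed) against `'^1\.12.*$'` would also confirm that the anchors are honoured. Both test functions begin and end outside the hunks shown.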