diff --git a/controls/4_1_configure_system_accounting_auditd.rb b/controls/4_1_configure_system_accounting_auditd.rb
index 90c72d2..6f121a8 100644
--- a/controls/4_1_configure_system_accounting_auditd.rb
+++ b/controls/4_1_configure_system_accounting_auditd.rb
@@ -277,13 +277,22 @@
 end
 uname = command('uname -m').stdout.strip
- if uname == 'x86_64' || uname == 'aarch64'
+ if uname == 'x86_64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
 end
 end
+
+ # For aarch64 the symbols chmod, chown and lchown are not available
+ if uname == 'aarch64'
+ describe file('/etc/audit/audit.rules') do
+ its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S fchmod -S fchmodat -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
+ its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S fchown -S fchownat -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
+ its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=#{uid_min} -F auid!=4294967295 -k perm_mod$/) }
+ end
+ end
 end

 control 'cis-dil-benchmark-4.1.12' do
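Review bot: The comment introduced on the new aarch64 branch, `# For aarch64 the symbols chmod, chown and lchown are not available`, states the constraint loosely; the point a maintainer needs is that aarch64 provides no chmod/chown/lchown syscalls (only the *at variants), so auditctl refuses a rule that names them and the x86_64 pattern can never match a loadable aarch64 rules file. Suggest `# aarch64 has no chmod/chown/lchown syscalls (only the *at variants); auditctl rejects rules naming them, so require only the syscalls this arch provides`, and the same rewording for the creat/open comment in the hunk at -302 and the unlink/rename comment in the hunk at -364. Structurally, the two consecutive `if uname == ...` blocks in each of the three hunks would read better as one `case uname` / `when 'x86_64'` / `when 'aarch64'`, which also makes visible that an architecture matching neither value appears to receive no b64 rule check at all (unchanged from before this commit, but now easier to miss). The enclosing control begins before the hunk.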
@@ -302,12 +311,20 @@
 end
 uname = command('uname -m').stdout.strip
- if uname == 'x86_64' || uname == 'aarch64'
+ if uname == 'x86_64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=#{uid_min} -F auid!=4294967295 -k access$/) }
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=#{uid_min} -F auid!=4294967295 -k access$/) }
 end
 end
+
+ # For aarch64 the symbols creat and open are not available
+ if uname == 'aarch64'
+ describe file('/etc/audit/audit.rules') do
+ its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=#{uid_min} -F auid!=4294967295 -k access$/) }
+ its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=#{uid_min} -F auid!=4294967295 -k access$/) }
+ end
+ end
 end

 control 'cis-dil-benchmark-4.1.13' do
@@ -364,11 +381,18 @@
 end
 uname = command('uname -m').stdout.strip
- if uname == 'x86_64' || uname == 'aarch64'
+ if uname == 'x86_64'
 describe file('/etc/audit/audit.rules') do
 its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=#{uid_min} -F auid!=4294967295 -k delete$/) }
 end
 end
+
+ # For aarch64 the symbols unlink and rename are not available
+ if uname == 'aarch64'
+ describe file('/etc/audit/audit.rules') do
+ its('content') { should match(/^-a (always,exit|exit,always) -F arch=b64 -S unlinkat -S renameat -F auid>=#{uid_min} -F auid!=4294967295 -k delete$/) }
+ end
+ end
 end

 control 'cis-dil-benchmark-4.1.16' do