diff --git a/controls/bsi_app_4_4.yml b/controls/bsi_app_4_4.yml
index 58c305182ee..ef5d88264a0 100644
--- a/controls/bsi_app_4_4.yml
+++ b/controls/bsi_app_4_4.yml
@@ -81,16 +81,9 @@ controls:
 minimum, this isolation MUST include process IDs, inter-process communication, user IDs, the file system, and the network (including the hostname).
 notes: >-
- TBD
+ Since these are OS based requirements, they are included in the rhcos4 bsi profile
 status: pending
- rules:
- - coreos_enable_selinux_kernel_argument
- # the following var is in repo, but unknown to build scripts
- # - var_selinux_policy_name=targeted
- - selinux_policytype
- # the following var is in repo, but unknown to build scripts
- # - var_selinux_state=enforcing
- - selinux_state
+ # rules:
 - id: APP.4.4.A5
 title: Backup in the Cluster
diff --git a/products/ocp4/profiles/bsi-node.profile b/products/ocp4/profiles/bsi-node.profile
index 03bdfc4adfa..8540b1801dc 100644
--- a/products/ocp4/profiles/bsi-node.profile
+++ b/products/ocp4/profiles/bsi-node.profile
@@ -28,4 +28,4 @@ description: |-
 filter_rules: '"ocp4-node" in platforms or "ocp4-master-node" in platforms or "ocp4-node-on-sdn" in platforms or "ocp4-node-on-ovn" in platforms'
 selections:
- - bsi_app_4_4:all
\ No newline at end of file
+ - bsi_app_4_4:all
diff --git a/products/ocp4/profiles/bsi.profile b/products/ocp4/profiles/bsi.profile
index 6921e2fab27..d5888905e08 100644
--- a/products/ocp4/profiles/bsi.profile
+++ b/products/ocp4/profiles/bsi.profile
@@ -32,4 +32,4 @@ selections:
 ### Helper Rules
 ### This is a helper rule to fetch the required api resource for detecting OCP version
 - version_detect_in_ocp
- - version_detect_in_hypershift
\ No newline at end of file
+ - version_detect_in_hypershift
diff --git a/products/rhcos4/profiles/bsi.profile b/products/rhcos4/profiles/bsi.profile
new file mode 100644
index 00000000000..35c81aa8504
--- /dev/null
+++ b/products/rhcos4/profiles/bsi.profile
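Review bot: The added `+    # rules:` line leaves APP.4.4.A4 with a commented-out, empty key instead of a declared rule set; since the rules were deliberately moved, either drop the line or write `rules: []` so the control reads as intentionally rule-less rather than half-edited. The new note states the requirement is now implemented in the rhcos4 bsi profile, yet `status: pending` is kept on the following context line, and with no `rules:` mapping the control-to-rule trace for A4 now exists only in prose, which coverage tooling that walks this control file will not see. Naming the target in the note, e.g. `Since these are OS-based requirements, they are covered by products/rhcos4/profiles/bsi.profile`, keeps that trace findable, and the status should be revisited once that profile is no longer a draft. The control entry for APP.4.4.A4 starts before the hunk.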
@@ -0,0 +1,23 @@
+documentation_complete: true
+
+title: 'DRAFT - BSI APP.4.4. and SYS.1.6'
+
+description: |-
+ This profile defines a baseline that aligns to the BSI (Federal Office for Security Information) IT-Grundschutz
+ Basic-Protection.
+
+ This baseline implements OS-Level configuration requirements from the following
+ sources:
+
+ - Building-Block SYS.1.6 Containerisation
+ - Building-Block APP.4.4 Kubernetes
+
+ THIS DOES NOT INCLUDE REQUIREMENTS FOR A HARDENED LINUX FROM SYS.1.3 LINUX
+
+selections:
+ # BSI APP.4.4.A4
+ - coreos_enable_selinux_kernel_argument
+ - var_selinux_policy_name=targeted
+ - selinux_policytype
+ - var_selinux_state=enforcing
+ - selinux_state
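Review bot: `documentation_complete: true` on the first line of the new profile contradicts the `DRAFT` marker in its title; either the flag should stay `false` until the profile is finished or the title should drop DRAFT. The description misnames the BSI as `Federal Office for Security Information` (it is the Federal Office for Information Security), and the title reads `APP.4.4.` with a stray trailing period. The description also says the baseline implements SYS.1.6 requirements, but the only selections in the hunk are the five APP.4.4.A4 SELinux items; if SYS.1.6 coverage is still to come, a `# TODO: SYS.1.6 selections` marker under `selections:` makes that explicit instead of implying coverage that is not there yet.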