diff --git a/doc/metadata/rhel7/RHEL-07-040520.rst b/doc/metadata/rhel7/RHEL-07-040520.rst
index 38351adf..e4af730b 100644
--- a/doc/metadata/rhel7/RHEL-07-040520.rst
+++ b/doc/metadata/rhel7/RHEL-07-040520.rst
@@ -1,7 +1,10 @@
 ---
 id: RHEL-07-040520
-status: not implemented
+status: verification only
 tag: misc
 ---
 
-This STIG requirement is not yet implemented.
+The tasks in the security role examine the TFTP server configuration file (if
+it exists) to verify that the secure operation flag (``-s``) is listed on the
+``server_args`` line. If it is missing, a warning message is printed in the
+Ansible output.
diff --git a/tasks/rhel7stig/misc.yml b/tasks/rhel7stig/misc.yml
index b5d17b48..39dac83c 100644
--- a/tasks/rhel7stig/misc.yml
+++ b/tasks/rhel7stig/misc.yml
@@ -285,3 +285,33 @@
     - medium
     - misc
     - RHEL-07-040480
+
+- name: Check for TFTP server configuration file
+  stat:
+    path: /etc/xinetd.d/tftp
+  register: tftp_config_check
+  check_mode: no
+  tags:
+    - always
+
+- name: Check TFTP configuration mode
+  command: 'grep server_args /etc/xinetd.d/tftp'
+  register: tftp_secure_check
+  changed_when: False
+  failed_when: False
+  check_mode: no
+  when:
+    - tftp_config_check.stat.exists
+  tags:
+    - always
+
+- name: RHEL-07-040520 - TFTP must be configured to operate in secure mode
+  debug:
+    msg: TFTP must be configured to run in secure mode with the '-s' flag.
+  when:
+    - tftp_config_check.stat.exists
+    - "'-s' not in tftp_secure_check.stdout"
+  tags:
+    - medium
+    - misc
+    - RHEL-07-040520
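Review bot: The grep in the `Check TFTP configuration mode` task matches every line containing `server_args`, commented-out lines included, and the debug task then only asks whether `-s` occurs anywhere in that combined stdout; a stale `# server_args = -s ...` comment next to an active `server_args = /var/lib/tftpboot` line satisfies the check and suppresses the warning even though the daemon is running without the restricted root that `-s` provides. Anchoring the pattern on uncommented lines narrows this: `command: grep -E '^[[:space:]]*server_args' /etc/xinetd.d/tftp`. The condition is also a plain substring test, so any other argument or path containing `-s` would pass it; if the role wants more than a heuristic, match `-s` (or its long form `--secure`) as a standalone word instead. Separately, the hunk mixes `check_mode: no` with `changed_when: False` and `failed_when: False`; one spelling (`false`) for all three keeps the file consistent with yamllint's truthy rule.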