diff --git a/defaults/main.yml b/defaults/main.yml
index d365dd6d..dda0337a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -53,7 +53,6 @@ security_initialize_aide: false
 # automatically with augenrules.
 #
 security_audit_account_modification: yes # V-38531, V-38534, V-38538
-security_audit_apparmor_changes: yes # V-38541
 security_audit_change_localtime: yes # V-38530
 security_audit_change_system_time: yes # V-38635
 security_audit_clock_settime: yes # V-38527
@@ -75,6 +74,7 @@ security_audit_deletions: no # V-38575
 security_audit_failed_access: no # V-38566
 security_audit_filesystem_mounts: yes # V-38568
 security_audit_kernel_modules: yes # V-38580
+security_audit_mac_changes: yes # V-38541
 security_audit_network_changes: yes # V-38540
 security_audit_sudoers: yes # V-38578
 #
diff --git a/doc/source/developer-notes/V-38541.rst b/doc/source/developer-notes/V-38541.rst
index 2b070433..f764ee67 100644
--- a/doc/source/developer-notes/V-38541.rst
+++ b/doc/source/developer-notes/V-38541.rst
@@ -1,5 +1,11 @@
-The RHEL 6 STIG requires that changes to SELinux policies and configuration are
-audited. However, Ubuntu's preference for Mandatory Access Control (MAC) is
-AppArmor and openstack-ansible configures AppArmor by default.
+For Ubuntu, rules are added to auditd that will log any changes made in the
+``/etc/apparmor`` directory.
 
-This requirement has been modified to fit AppArmor on an Ubuntu system.
+For CentOS, rules are added to auditd that will log any changes made in the
+``/etc/selinux`` directory.
+
+To opt-out of this change, set the following Ansible variable:
+
+.. code-block:: yaml
+
+   security_audit_mac_changes: no
diff --git a/releasenotes/notes/auditing-mac-policy-changes-fb83e0260a6431ed.yaml b/releasenotes/notes/auditing-mac-policy-changes-fb83e0260a6431ed.yaml
new file mode 100644
index 00000000..0c20701f
--- /dev/null
+++ b/releasenotes/notes/auditing-mac-policy-changes-fb83e0260a6431ed.yaml
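Review bot: The old key `security_audit_apparmor_changes` removed in the first hunk has no compatibility fallback, so a deployment that still overrides it is silently ignored once the new key added in the second hunk takes effect; because the new default is `yes` this can only turn auditing on, which is the safe direction, but the deployer gets no signal that their override stopped working. If a transition period is wanted, the new default could read the old name, `security_audit_mac_changes: "{{ security_audit_apparmor_changes | default(true) }}"`, with the rename called out as deprecated. The `# V-38541` tag is carried over on the new line, so the STIG cross-reference stays intact.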
@@ -0,0 +1,15 @@
+---
+
+upgrade:
+  - |
+    The variable ``security_audit_apparmor_changes`` is now renamed to
+    ``security_audit_mac_changes`` and is enabled by default. Setting
+    ``security_audit_mac_changes`` to ``no`` will disable syscall auditing for
+    any changes to AppArmor policies (in Ubuntu) or SELinux policies (in
+    CentOS).
+features:
+  - |
+    The auditd rules template included a rule that audited changes to the
+    AppArmor policies, but the SELinux policy changes were not being audited.
+    Any changes to SELinux policies in ``/etc/selinux`` are now being logged
+    by auditd.
diff --git a/tasks/main.yml b/tasks/main.yml
index 4fa6f443..0531d661 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -36,6 +36,7 @@
   set_fact:
     check_mode: "{{ noop_result | skipped }}"
     systemd_running: "{{ systemd_check | success }}"
+    linux_security_module: "{{ (ansible_os_family == 'Debian') | ternary('apparmor','selinux') }}"
 
 - include: apt.yml
   when: ansible_pkg_mgr == 'apt'
diff --git a/templates/osas-auditd.j2 b/templates/osas-auditd.j2
index 6a3ded96..536943e4 100644
--- a/templates/osas-auditd.j2
+++ b/templates/osas-auditd.j2
@@ -48,12 +48,18 @@
 -w /etc/network -p wa -k audit_network_modifications
 {% endif %}
 
-{% if security_audit_apparmor_changes | bool %}
+{% if linux_security_module == 'apparmor' and security_audit_mac_changes | bool %}
 # RHEL 6 STIG V-38541
 # Audits changes to AppArmor policies
 -w /etc/apparmor/ -p wa -k MAC-policy
 {% endif %}
 
+{% if linux_security_module == 'selinux' and security_audit_mac_changes | bool %}
+# RHEL 6 STIG V-38541
+# Audits changes to SELinux policies
+-w /etc/selinux/ -p wa -k MAC-policy
+{% endif %}
+
 {% if security_audit_DAC_chmod | bool %}
 # RHEL 6 STIG V-38543
 # Audits DAC changes via chmod
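Review bot: The new `linux_security_module` fact is derived only from `ansible_os_family`, so it records which MAC framework the distro family ships, not whether that framework is installed or enforcing on the host; every non-Debian family is labelled SELinux, which is presumably fine for the Ubuntu and CentOS targets the release note names but would mislabel other families. A short comment on the added line would keep the next reader from treating it as a runtime check, e.g. `# MAC framework shipped by the distro family (not whether it is enabled); selects the V-38541 watch in templates/osas-auditd.j2`. If a host-level answer is needed later, the `ansible_selinux` fact could refine the value. The enclosing `set_fact` task starts outside the hunk.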
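Review bot: The AppArmor branch still watches only `/etc/apparmor/`, while the profiles Ubuntu loads live under `/etc/apparmor.d/` as far as I recall, so a profile edit on Ubuntu would not be tagged with the new `MAC-policy` key; adding `-w /etc/apparmor.d/ -p wa -k MAC-policy` beside the existing watch would close that gap, whereas the SELinux branch's `/etc/selinux/` watch already covers that distro's policy configuration. The two added `{% if %}` blocks differ only in the path and the comment, so they could be collapsed into a single `{% if security_audit_mac_changes | bool %}` block that interpolates `linux_security_module` into the watched path, keeping the STIG header and the opt-out condition in one place. The `security_audit_DAC_chmod` block at the bottom continues outside the hunk.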