diff --git a/config.yaml b/config.yaml
index 246dbb9..03c32d3 100644
--- a/config.yaml
+++ b/config.yaml
@@ -124,6 +124,7 @@ actions:
 - modify_release:
 - suffix: ".alma.1"
 enabled: true
+ auto_increment: true
 
 - changelog_entry:
 - name: "Andrew Lukoshko"
diff --git a/files/add-almalinux8-support.sh b/files/add-almalinux8-support.sh
index 5061939..12e00af 100644
--- a/files/add-almalinux8-support.sh
+++ b/files/add-almalinux8-support.sh
@@ -36,9 +36,20 @@ find ./shared -type f -exec sed -i \
 -e 's|multi_platform_rhel|multi_platform_rhel\nmulti_platform_almalinux|g' {} \;
 
 # 5. Improve Ansible support in conditionals
+# Two product-gating idioms are used in the shared rule templates:
+# - list membership: {% if product in [..., "rhel8"] %}
+# - equality: {% if product == "rhel8" %}
+# The list form is rewritten below. The equality form is NOT a substring of
+# the list form, so it must be handled separately, otherwise almalinux8
+# silently falls through to the generic `else` branch of those rules (e.g.
+# configure_custom_crypto_policy_cis drops NO-SSHWEAKCIPHERS/NO-SSHWEAKMACS/
+# NO-WEAKMAC, weakening the CIS crypto remediation versus the rhel8 base).
 find ./linux_os -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i \
 -e '/if product in/ s/"rhel8"/"rhel8", "almalinux8"/g' {} \;
 
+find ./linux_os ./shared -type d -name ensure_redhat_gpgkey_installed -prune -o -type f -exec sed -i -E \
+ -e 's/product == (["'\''])rhel8\1/(product == \1rhel8\1 or product == \1almalinux8\1)/g' {} \;
+
 # 6. Add disa references symlinks for AlmaLinux
 for xml in $(find shared/references/ -type f -name 'disa-stig-rhel*.xml'); do
 target="$(echo "$xml" | sed 's/rhel/almalinux/g')"
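Review bot: The added equality rewrite in step 5 matches only the exact spelling `product == "rhel8"` with single spaces, and sed exits 0 when nothing matches, so a template that writes `product=="rhel8"`, `"rhel8" == product` or `product != "rhel8"` would still gate almalinux8 into the wrong branch with no build signal. Since the new comment says a miss weakens the CIS crypto remediation, the script should fail when an unconverted condition remains, for example after both sed passes: `grep -rnE --exclude-dir=ensure_redhat_gpgkey_installed 'product *[!=]= *.rhel8' ./linux_os ./shared | grep -v almalinux8 && exit 1`. The list-membership pass above still walks only `./linux_os` while the new pass also covers `./shared`; if list-form conditions exist under `./shared` they stay unpatched, so the two passes should probably take the same roots. The script continues past the end of the hunk, so a later check may already exist outside this view.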