diff --git a/applications/openshift/api-server/api_server_encryption_provider_cipher/rule.yml b/applications/openshift/api-server/api_server_encryption_provider_cipher/rule.yml
index 4b2dd7866a97..2942aa5833b9 100644
--- a/applications/openshift/api-server/api_server_encryption_provider_cipher/rule.yml
+++ b/applications/openshift/api-server/api_server_encryption_provider_cipher/rule.yml
@@ -68,11 +68,12 @@ platform: not ocp4-on-hypershift-hosted
 ocil_clause: 'aescbc is not configured as the encryption provider'
 ocil: |-
- OpenShift supports encryption of data at rest of etcd datastore, but it is up to the
- customer to configure. The asecbc cipher is used. No other ciphers are supported. Keys
- are stored on the filesystem of the master and automatically rotated.
- Run the following command to review the Encrypted status condition for the OpenShift
- API server to verify that its resources were successfully encrypted:
+ OpenShift supports encryption of data at rest of etcd datastore, but it is
+ up to the customer to configure. The asecbc and aesgcm ciphers are
+ available for use within OpenShift. Keys are stored on the filesystem of
+ the master and automatically rotated. Run the following command to review
+ the Encrypted status condition for the OpenShift API server to verify that its
+ resources were successfully encrypted:
     # encrypt the etcd datastore
     $ oc get openshiftapiserver -o=jsonpath='{range .items[0].status.conditions[?(@.type=="Encrypted")]}{.status}{"\n"}{.reason}{"\n"}{.message}{"\n"}{end}'
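Review bot: The `ocil_clause` context line at the top of this hunk still reads `'aescbc is not configured as the encryption provider'`, while the new ocil text says aesgcm is also available, so an assessor following the manual procedure would record a cluster encrypted with aesgcm as a finding. Suggest `ocil_clause: 'neither aescbc nor aesgcm is configured as the encryption provider'`. The added line also carries over the misspelling `asecbc`; it should read `up to the customer to configure. The aescbc and aesgcm ciphers are`. The rule's description, rationale and automated check lie outside this hunk, so confirm they accept aesgcm as well before relying on the updated wording.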