diff --git a/scanners/access-and-control/1.19-ensure-ssh-permituserenvironment-is-disabled.sh b/scanners/access-and-control/1.19-ensure-ssh-permituserenvironment-is-disabled.sh
index aaa2c20be14b6537d68e36301b4a6f9b99d20b61..9dd6389f80a7093d140319312d980cc3bb528125 100644
--- a/scanners/access-and-control/1.19-ensure-ssh-permituserenvironment-is-disabled.sh
+++ b/scanners/access-and-control/1.19-ensure-ssh-permituserenvironment-is-disabled.sh
@@ -1,6 +1,6 @@
 result=false
 
-sshd -T -C user=root -C host="$(hostname)" -C addr="$(grep $(hostname) /etc/hosts | awk '{print $1}')" | grep -Eiq ^permituserenvironment\\s+no && grep -Eiq 'permituserenvironment\s+no' /etc/ssh/sshd_config && result=true
+sshd -T -C user=root -C host="$(hostname)" -C addr="$(grep $(hostname) /etc/hosts | awk '{print $1}')" | grep -Eiq ^permituserenvironment\\s+no && ! (grep -Eiq '^\s*PermitUserEnvironment\s+yes\b' /etc/ssh/sshd_config) && result=true
 
 if [ "$result" = true ]; then
     echo "pass"