diff --git a/doc/source/developer-notes/V-58901.rst b/doc/source/developer-notes/V-58901.rst
new file mode 100644
index 00000000..779c172d
--- /dev/null
+++ b/doc/source/developer-notes/V-58901.rst
@@ -0,0 +1,3 @@
+The Ansible tasks will search for ``NOPASSWD`` and ``!authenticate`` in the
+sudo configuration. If either is found, the playbook will fail and an error
+message will be printed.
diff --git a/tasks/auth.yml b/tasks/auth.yml
index e5a44585..65d75ea0 100644
--- a/tasks/auth.yml
+++ b/tasks/auth.yml
@@ -329,3 +329,32 @@
     - auth
     - cat3
     - V-38683
+
+- name: Checking for NOPASSWD in sudoers (for V-58901)
+  shell: "egrep '^[^#]*NOPASSWD' /etc/sudoers /etc/sudoers.d/*"
+  register: v58901_nopasswd_result
+  changed_when: False
+  failed_when: v58901_nopasswd_result.rc > 1
+  tags:
+    - auth
+    - cat2
+    - V-58901
+
+- name: Checking for !authenticate in sudoers (for V-58901)
+  shell: "egrep '^[^#]*!authenticate' /etc/sudoers /etc/sudoers.d/*"
+  register: v58901_authenticate_result
+  changed_when: False
+  failed_when: v58901_authenticate_result.rc > 1
+  tags:
+    - auth
+    - cat2
+    - V-58901
+
+- name: V-58901 - The sudo command must require authentication
+  fail:
+    msg: "FAILED: NOPASSWD or !authenticate found in sudo configuration"
+  when: v58901_nopasswd_result.rc == 0 or v58901_authenticate_result.rc == 0
+  tags:
+    - auth
+    - cat2
+    - V-58901
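Review bot: The `failed_when: ...rc > 1` guard on the two new `shell:` tasks in tasks/auth.yml trips on any host whose `/etc/sudoers.d/` is empty, because `/bin/sh` then hands the unexpanded `/etc/sudoers.d/*` to egrep, which reports a missing file and exits 2, so the audit errors out instead of reporting a pass. Passing the directory recursively avoids the glob entirely: `shell: "grep -rE '^[^#]*NOPASSWD' /etc/sudoers /etc/sudoers.d"` and `shell: "grep -rE '^[^#]*!authenticate' /etc/sudoers /etc/sudoers.d"` (exit status stays 0/1/2 for match/no match/error, so the existing `failed_when` and the `when:` on the fail task still hold, and `grep -E` sidesteps the obsolescence warning newer GNU grep prints for egrep). The same exit-2 path is taken when `/etc/sudoers` is unreadable, so these tasks presumably need `become` unless the play already elevates — the play header is outside the hunk, so confirm there. Minor: `changed_when: False` should be the canonical lowercase `false` in both tasks.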