diff --git a/releasenotes/notes/skip-sysctl-when-disabled-b32eca48df5b1437.yaml b/releasenotes/notes/skip-sysctl-when-disabled-b32eca48df5b1437.yaml
new file mode 100644
index 00000000..73f211e3
--- /dev/null
+++ b/releasenotes/notes/skip-sysctl-when-disabled-b32eca48df5b1437.yaml
@@ -0,0 +1,10 @@
+---
+fixes:
+ - |
+ The sysctl configuration task was not skipping configurations where
+ ``enabled`` was set to ``no``. Instead, it was removing configurations
+ when ``enabled: no`` was set.
+
+ There is now a fix in place that ensures any sysctl configuration with
+ ``enabled: no`` will be skipped and the configuration will be left
+ unaltered on the system.
diff --git a/tasks/rhel7stig/kernel.yml b/tasks/rhel7stig/kernel.yml
index 539ac4a8..45f34927 100644
--- a/tasks/rhel7stig/kernel.yml
+++ b/tasks/rhel7stig/kernel.yml
@@ -31,6 +31,8 @@
 value: "{{ item.value }}"
 state: "{{ item.enabled | ternary('present', 'absent') }}"
 reload: yes
+ when:
+ - item.enabled | bool
 with_items: "{{ sysctl_settings_rhel7 }}"
 tags:
 - medium
diff --git a/vars/main.yml b/vars/main.yml
index cc647269..24213f76 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -317,7 +317,9 @@ shadow_utils_rhel7:
 #
 # name: the sysctl configuration name
 # value: the value to set for the sysctl configuration
-# enabled: whether the variable should be set or not
+# enabled: yes or no
+# - 'yes' (ensure the variable is set)
+# - 'no' (the role will not alter the configuration)
 #
 sysctl_settings_rhel7:
 - name: net.ipv4.conf.all.accept_source_route
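Review bot: With the new `when: item.enabled | bool` guard in the kernel.yml hunk, the `ternary('present', 'absent')` on the `state` line can no longer evaluate to `absent`, so it is dead logic that still reads as if the role removes disabled settings; replace it with `state: present`. The behaviour change also deserves a sentence in the release note and in the vars/main.yml comment: `enabled: no` is now a no-op rather than a removal, so an operator who previously relied on it to back out a sysctl the role had applied earlier must now remove that value themselves, and it stays in effect silently otherwise. The guard presumably fails the task on an entry that omits `enabled` entirely, since `| bool` has no default here — worth confirming against the items in `sysctl_settings_rhel7` or adding `| default(false)`. The task's `- name:` and `sysctl:` header lines are above the hunk.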