diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index 1626ae87a..4d7e00243 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -94,6 +94,7 @@ can_exec(ntpd_t, ntpd_exec_t)
 kernel_read_kernel_sysctls(ntpd_t)
 kernel_read_system_state(ntpd_t)
 kernel_read_network_state(ntpd_t)
+kernel_read_crypto_sysctls(ntpd_t)
 kernel_request_load_module(ntpd_t)
 corenet_all_recvfrom_netlabel(ntpd_t)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 10b8d12e5..ae23e1995 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -214,6 +214,7 @@ template(`ssh_server_template', `
 kernel_read_kernel_sysctls($1_t)
 kernel_read_network_state($1_t)
+ kernel_read_crypto_sysctls($1_t)
 corenet_all_recvfrom_netlabel($1_t)
 corenet_tcp_sendrecv_generic_if($1_t)
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
index 4bc6b04cd..0d55588ed 100644
--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@@ -577,6 +577,7 @@ optional_policy(`
 dontaudit systemd_log_parse_env_type self:capability net_admin;
 kernel_read_system_state(systemd_log_parse_env_type)
+kernel_read_crypto_sysctls(systemd_log_parse_env_type)
 dev_write_kmsg(systemd_log_parse_env_type)
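Review bot: The added `kernel_read_crypto_sysctls(ntpd_t)` has no comment saying what triggers the access, and the same bare rule is added in the ssh.if and systemd.te hunks. The interface presumably covers reads under /proc/sys/crypto, such as the FIPS-mode flag a crypto library checks at start-up, but the page does not show the denial that motivated it. Once that is confirmed against the audit log, I would add a one-line comment above each rule, for example `# crypto library reads /proc/sys/crypto/fips_enabled`, so a later least-privilege review can tell the grant is intentional. In ssh.if the rule sits inside `ssh_server_template`, so every domain instantiated from the template receives it.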
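Review bot: `systemd_log_parse_env_type` looks like an attribute rather than a single domain, so `kernel_read_crypto_sysctls(systemd_log_parse_env_type)` grants the read to every type carrying it, not only the one that hit the denial. The neighbouring rules are written against the same name, so this matches local style, but it is worth confirming that all members need the access. If only one does, the rule belongs in that domain's own policy instead. The enclosing policy section starts and ends outside the hunk.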