diff --git a/controls/ssl_test.rb b/controls/ssl_test.rb
index eec10e6..6ae4dc1 100644
--- a/controls/ssl_test.rb
+++ b/controls/ssl_test.rb
@@ -46,6 +46,12 @@
 description: 'The profile should not check if SSL is enabled on every port and assume it is'
 )
+tls_version = attribute(
+ 'tls_version',
+ value: 'tls1.2',
+ description: 'The current TLS version to check (currently tls1.2 and tls1.3)'
+)
+
 # Find all TCP ports on the system, IPv4 and IPv6
 # Eliminate duplicate ports for cleaner reporting and faster scans and sort the
 # array by port number.
@@ -84,7 +90,7 @@
 #######################################################
 # Protocol Tests #
-# Valid protocols are: tls1.2 #
+# Valid protocols are: tls1.2, tls1.3 #
 # Invalid protocols are : ssl2, ssl3, tls1.0, tls1.1 #
 #######################################################
 control 'ssl2' do
@@ -147,15 +153,15 @@
 end
 end
-control 'tls1.2' do
- title 'Enable TLS 1.2 on exposed ports.'
+control 'tls1.2-1.3' do
+ title 'Enable TLS 1.2 or TLS 1.3 on exposed ports.'
 impact 0.5
 only_if { sslports.length > 0 }
 sslports.each do |sslport|
 # create a description
 proc_desc = "on node == #{target_hostname} running #{sslport[:socket].process.inspect} (#{sslport[:socket].pid})"
- describe ssl(sslport).protocols('tls1.2') do
+ describe ssl(sslport).protocols(tls_version) do
 it(proc_desc) { should be_enabled }
 it { should be_enabled }
 end
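Review bot: The new `tls_version` attribute is passed unvalidated into `protocols(tls_version)` in the `tls1.2-1.3` control, which asserts `should be_enabled`, so a typo or a weak override such as `tls1.0` silently turns the control into a check that an insecure protocol is enabled, and it would pass on a misconfigured host. Constrain the value to the two protocols the description names, directly after the `attribute(...)` call: `raise ArgumentError, "tls_version must be tls1.2 or tls1.3, got #{tls_version.inspect}" unless %w[tls1.2 tls1.3].include?(tls_version)`. The description and the new title read as if both versions are covered, but only the single configured value is tested, so `value: 'tls1.3'` leaves TLS 1.2 unchecked; if "either is acceptable" is the intent, the wording should say so. The control that consumes the attribute continues past the end of this diff.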