Bug
Resolution: Unresolved
Normal
rhel-9.7
Moderate
rhel-security-crypto-spades
What were you trying to do that didn't work?
With the fix for RHEL-111491, a new hash@rpm = ... SHA1 entry was introduced in the crypto policy.
This makes CIS check {{1.6.3 Ensure system wide crypto policy disables sha1 hash and
signature support (Automated)}} fail because a line is returned:
# awk -F= '($1~/(hash|sign)/ && $2~/SHA1/ && $2!~/^\s*\-\s*([^#\n\r]+)?SHA1/){print}' /etc/crypto-policies/state/CURRENT.pol
hash@rpm = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 SHAKE-256 SHA1
(Page 196 of the attached PDF)
The above check searches for "SHA1" in any "hash" or "sign" key, whatever the provider is, and IMHO it's right to do so.
What is the impact of this issue to you?
Failure to comply with the CIS standard
Please provide the package NVR for which the bug is seen:
crypto-policies-20250905-1.git377cc42.el9_7.noarch
How reproducible is this bug?
Always, see above.
is caused by: RHEL-111491 Red Hat packages cannot be installed with dnf multisig plugin (Closed)
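An added example, not part of the original report or of the CIS benchmark: a portable rewrite of the check's awk expression (`[ \t]` in place of `\s`) that labels each finding as a global or a scoped key, run over a constructed policy excerpt. The function names and every sample line other than the `hash@rpm` line quoted in the report are assumptions.

```shell
#!/bin/sh
# Constructed excerpt in the style of /etc/crypto-policies/state/CURRENT.pol.
# Only the hash@rpm line comes from the report; the other lines are sample data.
sample_policy() {
cat <<'EOF'
# constructed excerpt
cipher = AES-256-GCM AES-128-GCM
hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 SHAKE-256
hash@rpm = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 SHAKE-256 SHA1
sign = ECDSA-SHA2-256 RSA-PSS-SHA2-256 RSA-SHA2-256
EOF
}

# Print "<scope> <key>" for every key matching hash|sign whose value lists SHA1,
# skipping values that start with "-" (a removal such as "hash = -SHA1").
# Same three conditions as the awk expression in the report; reads the files
# given as arguments, or stdin when there are none.
sha1_findings() {
    awk -F= '
        $1 ~ /(hash|sign)/ && $2 ~ /SHA1/ && $2 !~ /^[ \t]*-[^#]*SHA1/ {
            key = $1
            gsub(/[ \t]/, "", key)                     # "hash@rpm " -> "hash@rpm"
            scope = (key ~ /@/) ? "scoped" : "global"  # key@something is a scoped entry
            print scope, key
        }' "$@"
}

# Exit status in the style of a compliance check: 0 = no SHA1 finding, 1 = finding.
sha1_check() {
    [ -z "$(sha1_findings "$@")" ]
}

# Demo on the constructed excerpt; prints: scoped hash@rpm
sample_policy | sha1_findings
```

On a real system, `sha1_findings /etc/crypto-policies/state/CURRENT.pol` shows whether the only match is the scoped `hash@rpm` entry or whether a global `hash` or `sign` key is affected as well.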