diff --git a/doc/metadata/rhel7/RHEL-07-021280.rst b/doc/metadata/rhel7/RHEL-07-021280.rst
index 6adfdd01..a3a4939f 100644
--- a/doc/metadata/rhel7/RHEL-07-021280.rst
+++ b/doc/metadata/rhel7/RHEL-07-021280.rst
@@ -1,7 +1,23 @@
 ---
 id: RHEL-07-021280
-status: not implemented
+status: implemented - red hat only
 tag: misc
 ---
 
-This STIG requirement is not yet implemented.
+The tasks in the Ansible role install the ``dracut-fips`` and
+``dracut-fips-aesni`` packages and check to see if FIPS is enabled on the
+system. If it is not enabled, a warning message is printed in the Ansible
+output.
+
+Enabling FIPS at boot time requires additional manual configuration. Refer to
+`Chapter 7. Federal Standards and Regulations`_ in the Red Hat documentation
+for more details. Section 7.1.1 contains the steps required for updating
+the bootloader configuration and regenerating the initramfs.
+
+.. _Chapter 7. Federal Standards and Regulations : https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-Federal_Standards_and_Regulations.html
+
+.. note::
+
+ This change only applies to CentOS and Red Hat Enterprise Linux. Ubuntu
+ does not use dracut by default and the process for enabling the FIPS
+ functionality at boot time is more complex.
diff --git a/tasks/rhel7stig/kernel.yml b/tasks/rhel7stig/kernel.yml
index f99173d0..d73663c8 100644
--- a/tasks/rhel7stig/kernel.yml
+++ b/tasks/rhel7stig/kernel.yml
@@ -67,3 +67,27 @@
 - kernel
 - medium
 - RHEL-07-021230
+
+- name: Check if FIPS is enabled
+ command: cat /proc/sys/crypto/fips_enabled
+ register: fips_check
+ changed_when: False
+ check_mode: no
+ when:
+ - ansible_os_family | lower == 'redhat'
+ tags:
+ - always
+
+- name: Print a warning if FIPS isn't enabled
+ debug:
+ msg: >
+ FIPS is not enabled at boot time on this server.
+ The STIG requires FIPS to be enabled at boot time.
+ when:
+ - ansible_os_family | lower == 'redhat'
+ - fips_check is defined
+ - fips_check.stdout == '0'
+ tags:
+ - high
+ - misc
+ - RHEL-07-021280
diff --git a/tasks/rhel7stig/packages.yml b/tasks/rhel7stig/packages.yml
index e1306b76..9a21bbd5 100644
--- a/tasks/rhel7stig/packages.yml
+++ b/tasks/rhel7stig/packages.yml
@@ -30,9 +30,10 @@
 - packages
 - services
 - RHEL-07-010072
- - RHEL-07-021910
 - RHEL-07-020000
- - RHEL-08-020010
+ - RHEL-07-020010
+ - RHEL-07-021280
+ - RHEL-07-021910
 - RHEL-07-030810
 - RHEL-07-040260
 - RHEL-07-040500
diff --git a/vars/redhat.yml b/vars/redhat.yml
index 33d5b6b2..b27fdaa1 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -102,6 +102,8 @@ stig_packages_rhel7:
 - audispd-plugins
 - audit
 - aide
+ - dracut-fips
+ - dracut-fips-aesni
 - openssh-clients
 - openssh-server
 - screen
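Review bot: The `Check if FIPS is enabled` task runs `cat /proc/sys/crypto/fips_enabled` without a `failed_when`, so on a host where that proc entry is absent the command fails and the play aborts instead of reporting the finding. The warning task also fires only on `fips_check.stdout == '0'`, so an empty or unexpected value is silently treated as compliant. Add `failed_when: False` to the check task and change the warning condition to `- fips_check.stdout != '1'` so that a missing file or unexpected value also produces the warning; a `stat` or `slurp` module would additionally avoid the `command: cat` pattern. Note that this only inspects the running kernel's state; the boot-time configuration (the `fips=1` kernel argument and the regenerated initramfs) is left as a manual step in the rst change and is not verified by these tasks.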