diff --git a/components/openssh.yml b/components/openssh.yml
index f257c7e6f37..3298afea093 100644
--- a/components/openssh.yml
+++ b/components/openssh.yml
@@ -38,6 +38,7 @@ rules:
 - sshd_allow_only_protocol2
 - sshd_disable_compression
 - sshd_disable_empty_passwords
+- sshd_disable_forwarding
 - sshd_disable_gssapi_auth
 - sshd_disable_kerb_auth
 - sshd_disable_pubkey_auth
diff --git a/controls/cis_ubuntu2404.yml b/controls/cis_ubuntu2404.yml
index e1a6c859f00..1d692f57906 100644
--- a/controls/cis_ubuntu2404.yml
+++ b/controls/cis_ubuntu2404.yml
@@ -1120,8 +1120,9 @@ controls:
         levels:
         - l1_server
         - l2_workstation
-        status: planned
-        notes: TODO. Rule does not seem to be implemented, nor does it map to any rules in ubuntu2204 profile.
+        rules:
+        - sshd_disable_forwarding
+        status: automated
 
     - id: 3.2.1
       title: Ensure dccp kernel module is not available (Automated)
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_forwarding/rule.yml
new file mode 100644
index 00000000000..2b38acabeb2
--- /dev/null
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_forwarding/rule.yml
@@ -0,0 +1,24 @@
+documentation_complete: true
+
+title: 'Disable SSH Forwarding'
+
+description: |-
+    The DisableForwarding parameter disables all forwarding features,
+
+rationale: |-
+    Disable ssh forwarding unless there is an operational requirement to use it.
+    Leaving port forwarding enabled can expose the organization to security risks.
+
+severity: medium
+
+ocil_clause: "The DisableForwarding option exists and is yes"
+
+ocil: |-
+    {{{ ocil_sshd_option(default="yes", option="DisableForwarding", value="yes") }}}
+
+template:
+    name: sshd_lineinfile
+    vars:
+        parameter: DisableForwarding
+        value: 'yes'
+        datatype: string
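Review bot: The description in the new rule.yml is a truncated sentence — `The DisableForwarding parameter disables all forwarding features,` ends on a comma — yet the file declares `documentation_complete: true`; complete it from sshd_config(5), e.g. `The DisableForwarding option disables all forwarding features (X11, ssh-agent, TCP and StreamLocal) and overrides every other forwarding-related option.` The ocil_clause `The DisableForwarding option exists and is yes` describes the compliant state, whereas the clause in this project completes the "Is it the case that …?" question whose affirmative answer is the finding, so it appears inverted; the wording the sibling sshd rules use, `ocil_clause: 'the required value is not set'`, would be consistent. The rationale speaks only of port forwarding, but because this directive also switches off agent and X11 forwarding it is worth stating that wider impact there, since that is what an administrator must weigh before applying the rule.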