diff --git a/cis_v130/section_1.sp b/cis_v130/section_1.sp
index b6cd0b1c..3811b41a 100644
--- a/cis_v130/section_1.sp
+++ b/cis_v130/section_1.sp
@@ -54,7 +54,7 @@ control "cis_v130_1_1" {
 control "cis_v130_1_2" {
   title         = "1.2 Ensure security contact information is registered"
   description   = "AWS provides customers with the option of specifying the contact information for accounts security team. It is recommended that this information be provided."
-  sql           = query.manual_control.sql
+  sql           = query.account_alternate_contact_security_registered.sql
   documentation = file("./cis_v130/docs/cis_v130_1_2.md")
 
   tags = merge(local.cis_v130_1_common_tags, {
diff --git a/cis_v140/section_1.sp b/cis_v140/section_1.sp
index c476e40f..9709d823 100644
--- a/cis_v140/section_1.sp
+++ b/cis_v140/section_1.sp
@@ -53,7 +53,7 @@ control "cis_v140_1_1" {
 control "cis_v140_1_2" {
   title         = "1.2 Ensure security contact information is registered"
   description   = "AWS provides customers with the option of specifying the contact information for account's security team. It is recommended that this information be provided."
-  sql           = query.manual_control.sql
+  sql           = query.account_alternate_contact_security_registered.sql
   documentation = file("./cis_v140/docs/cis_v140_1_2.md")
 
   tags = merge(local.cis_v140_1_common_tags, {
diff --git a/cis_v140/section_2.sp b/cis_v140/section_2.sp
index b6610e9b..4b9343be 100644
--- a/cis_v140/section_2.sp
+++ b/cis_v140/section_2.sp
@@ -93,7 +93,7 @@ control "cis_v140_2_1_4" {
   title         = "2.1.4 Ensure all data in Amazon S3 has been discovered, classified and secured when required"
   description   = "Amazon S3 buckets can contain sensitive data, that for security purposes should be discovered, monitored, classified and protected. Macie along with other 3rd party tools can automatically provide an inventory of Amazon S3 buckets."
   documentation = file("./cis_v140/docs/cis_v140_2_1_4.md")
-  sql           = query.manual_control.sql
+  sql           = query.s3_bucket_protected_by_macie.sql
 
   tags = merge(local.cis_v140_2_1_common_tags, {
     cis_item_id = "2.1.4"
diff --git a/cis_v150/cis.sp b/cis_v150/cis.sp
index cdd0c8ac..ade2b2e2 100644
--- a/cis_v150/cis.sp
+++ b/cis_v150/cis.sp
@@ -5,7 +5,6 @@ locals {
   })
 }
 
-
 benchmark "cis_v150" {
   title         = "CIS v1.5.0"
   description   = "The CIS Amazon Web Services Foundations Benchmark provides prescriptive guidance for configuring security options for a subset of Amazon Web Services with an emphasis on foundational, testable, and architecture agnostic settings."
diff --git a/cis_v150/section_1.sp b/cis_v150/section_1.sp
index c5ebabbe..fa6613fc 100644
--- a/cis_v150/section_1.sp
+++ b/cis_v150/section_1.sp
@@ -53,7 +53,7 @@ control "cis_v150_1_1" {
 control "cis_v150_1_2" {
   title         = "1.2 Ensure security contact information is registered"
   description   = "AWS provides customers with the option of specifying the contact information for account's security team. It is recommended that this information be provided."
-  sql           = query.manual_control.sql
+  sql           = query.account_alternate_contact_security_registered.sql
   documentation = file("./cis_v150/docs/cis_v150_1_2.md")
 
   tags = merge(local.cis_v150_1_common_tags, {
diff --git a/cis_v150/section_2.sp b/cis_v150/section_2.sp
index 84b39349..ce5bf1d8 100644
--- a/cis_v150/section_2.sp
+++ b/cis_v150/section_2.sp
@@ -97,7 +97,7 @@ control "cis_v150_2_1_4" {
   title         = "2.1.4 Ensure all data in Amazon S3 has been discovered, classified and secured when required"
   description   = "Amazon S3 buckets can contain sensitive data, that for security purposes should be discovered, monitored, classified and protected. Macie along with other 3rd party tools can automatically provide an inventory of Amazon S3 buckets."
   documentation = file("./cis_v150/docs/cis_v150_2_1_4.md")
-  sql           = query.manual_control.sql
+  sql           = query.s3_bucket_protected_by_macie.sql
 
   tags = merge(local.cis_v150_2_1_common_tags, {
     cis_item_id = "2.1.4"
diff --git a/query/account/account_alternate_contact_security_registered.sql b/query/account/account_alternate_contact_security_registered.sql
new file mode 100644
index 00000000..dfa96094
--- /dev/null
+++ b/query/account/account_alternate_contact_security_registered.sql
@@ -0,0 +1,28 @@
+with alternate_security_contact as (
+  select
+    name,
+    account_id
+  from
+    aws_account_alternate_contact
+  where
+    contact_type = 'SECURITY'
+)
+select
+  -- Required Columns
+  arn as resource,
+  case
+    when a.partition = 'aws-us-gov' then 'info'
+    -- Name is a required field if setting a security contact
+    when c.name is not null then 'ok'
+    else 'alarm'
+  end as status,
+  case
+    when a.partition = 'aws-us-gov' then a.title || ' in GovCloud, manual verification required.'
+    when c.name is not null then a.title || ' has security contact ' || c.name || ' registered.'
+    else a.title || ' security contact not registered.'
+  end as reason,
+  -- Additional Dimensions
+  a.account_id
+from
+  aws_account as a
+  left join alternate_security_contact as c on c.account_id = a.account_id;
diff --git a/query/es/es_domain_node_to_node_encryption_enabled.sql b/query/es/es_domain_node_to_node_encryption_enabled.sql
index 300dafc2..b9fbe73c 100644
--- a/query/es/es_domain_node_to_node_encryption_enabled.sql
+++ b/query/es/es_domain_node_to_node_encryption_enabled.sql
@@ -2,10 +2,12 @@ select
   -- Required Columns
   arn as resource,
   case
+    when region = any(array['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1']) then 'skip'
     when not enabled then 'alarm'
     else 'ok'
   end as status,
   case
+    when region = any(array['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1']) then title || ' node-to-node encryption not supported in ' || region || '.'
     when not enabled then title || ' node-to-node encryption disabled.'
     else title || ' node-to-node encryption enabled.'
   end as reason,
@@ -13,6 +15,4 @@ select
   region,
   account_id
 from
-  aws_elasticsearch_domain
-where
-  region != any (ARRAY ['af-south-1', 'eu-south-1', 'cn-north-1', 'cn-northwest-1']);
\ No newline at end of file
+  aws_elasticsearch_domain;
diff --git a/query/s3/s3_bucket_protected_by_macie.sql b/query/s3/s3_bucket_protected_by_macie.sql
new file mode 100644
index 00000000..e8128dd9
--- /dev/null
+++ b/query/s3/s3_bucket_protected_by_macie.sql
@@ -0,0 +1,27 @@
+with bucket_list as (
+  select
+    trim(b::text, '"' ) as bucket_name
+  from
+    aws_macie2_classification_job,
+    jsonb_array_elements(s3_job_definition -> 'BucketDefinitions') as d,
+    jsonb_array_elements(d -> 'Buckets') as b
+)
+select
+  -- Required Columns
+  b.arn as resource,
+  case
+    when b.region = any(array['us-gov-east-1', 'us-gov-west-1']) then 'skip'
+    when l.bucket_name is not null then 'ok'
+    else 'alarm'
+  end status,
+  case
+    when b.region = any(array['us-gov-east-1', 'us-gov-west-1']) then b.title || ' not protected by Macie as Macie is not supported in ' || b.region || '.'
+    when l.bucket_name is not null then b.title || ' protected by Macie.'
+    else b.title || ' not protected by Macie.'
+  end reason,
+  -- Additional Dimensions
+  b.region,
+  b.account_id
+from
+  aws_s3_bucket as b
+  left join bucket_list as l on b.name = l.bucket_name;