diff --git a/bindep.txt b/bindep.txt
index 7b742afa..19eafbea 100644
--- a/bindep.txt
+++ b/bindep.txt
@@ -10,7 +10,7 @@
# will fall back to installing its default packages which
# will potentially be detrimental to the tests executed.
-# Base requirements for Ubuntu
+# Base requirements for Ubuntu and Debian
build-essential [platform:dpkg]
git-core [platform:dpkg]
libssl-dev [platform:dpkg]
@@ -20,7 +20,8 @@ python2.7 [platform:dpkg]
python-dev [platform:dpkg]
python-apt [platform:dpkg]
-# Base requirements for CentOS
+# Base requirements for CentOS and Fedora
+redhat-rpm-config [platform:rpm]
gcc [platform:rpm]
gcc-c++ [platform:rpm]
git [platform:rpm]
@@ -38,7 +39,11 @@ libselinux-python [platform:rpm]
python-pyasn1 [platform:dpkg]
python-openssl [platform:dpkg]
python2-pyasn1 [platform:rpm]
-python2-pyOpenSSL [platform:rpm]
+python2-pyOpenSSL [platform:centos]
+pyOpenSSL [platform:fedora]
+
+# Other Ansible requirements
+python2-dnf [platform:fedora]
# Required for compressing collected log files in CI
gzip
diff --git a/run_tests.sh b/run_tests.sh
index 44b0404d..561b5bd0 100755
--- a/run_tests.sh
+++ b/run_tests.sh
@@ -26,10 +26,14 @@ fi
# Install bindep and tox with pip.
sudo pip install bindep tox
+## Bindep pre-requisites
+# Fedora requires the redhat-lsb-core package.
# CentOS 7 requires two additional packages:
# redhat-lsb-core - for bindep profile support
# epel-release - required to install python-ndg_httpsclient/python2-pyasn1
-if which yum; then
+if [ -e /etc/fedora-release ]; then
+ sudo dnf -y install redhat-lsb-core
+elif [ -e /etc/centos-release ]; then
sudo yum -y install redhat-lsb-core epel-release
fi
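Review bot: The new `elif [ -e /etc/centos-release ]; then` no longer matches Red Hat Enterprise Linux 7, which ships /etc/redhat-release but not /etc/centos-release, whereas the replaced `which yum` test did; if RHEL 7 test nodes are in use, the redhat-lsb-core install that bindep's platform profiles depend on is now silently skipped there. A release-file test that keeps the same coverage is `elif [ -e /etc/centos-release ] || [ -e /etc/redhat-release ]; then`, with the Fedora check left first since Fedora also provides /etc/redhat-release. If RHEL is deliberately out of scope for this script, a one-line comment saying so next to `# CentOS 7 requires two additional packages:` would stop the next reader from re-adding it. The rest of the script continues outside the hunk.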
@@ -44,7 +48,11 @@ if which apt-get; then
DEBIAN_FRONTEND=noninteractive \
sudo apt-get -q --option "Dpkg::Options::=--force-confold" \
--assume-yes install $BINDEP_PKGS
-elif which yum; then
+elif [ -e /etc/fedora-release ]; then
+ if [[ ${#BINDEP_PKGS} > 0 ]]; then
+ sudo dnf install -y $BINDEP_PKGS
+ fi
+elif [ -e /etc/centos-release]; then
# Don't run yum with an empty list of packages.
# It will fail and cause the script to exit with an error.
if [[ ${#BINDEP_PKGS} > 0 ]]; then
diff --git a/tasks/rhel7stig/dnf.yml b/tasks/rhel7stig/dnf.yml
new file mode 120000
index 00000000..8608996d
--- /dev/null
+++ b/tasks/rhel7stig/dnf.yml
@@ -0,0 +1 @@
+yum.yml
\ No newline at end of file
diff --git a/tasks/rhel7stig/main.yml b/tasks/rhel7stig/main.yml
index 2f18253f..85ce01b7 100644
--- a/tasks/rhel7stig/main.yml
+++ b/tasks/rhel7stig/main.yml
@@ -62,11 +62,7 @@
# Package managers are managed first since the changes in these tasks will
# affect the remainder of the tasks in the role.
-- include: apt.yml
- when: ansible_os_family | lower == 'debian'
-
-- include: rpm.yml
- when: ansible_os_family | lower == 'redhat'
+- include: "{{ ansible_pkg_mgr }}.yml"
# The bulk of the security changes are applied in these tasks. The tasks in
# each file are tagged with the same name (for example, tasks in `auth.yml`
diff --git a/tasks/rhel7stig/packages.yml b/tasks/rhel7stig/packages.yml
index 9e9e2a2a..8d81d6a4 100644
--- a/tasks/rhel7stig/packages.yml
+++ b/tasks/rhel7stig/packages.yml
@@ -36,7 +36,7 @@
- name: V-71987 - Clean requirements/dependencies when removing packages (rpm)
lineinfile:
- dest: /etc/yum.conf
+ dest: "{{ pkg_mgr_config }}"
regexp: "^(#)?clean_requirements_on_remove"
line: "clean_requirements_on_remove=1"
state: present
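Review bot: `elif [ -e /etc/centos-release]; then` is missing the space before `]`, so `[` reports a missing `]` and returns non-zero; the condition is never true, the yum branch is skipped on CentOS, and none of the bindep-listed packages get installed, which then shows up as unrelated test failures. The fix is `elif [ -e /etc/centos-release ]; then`. While here, the new Fedora branch copies `[[ ${#BINDEP_PKGS} > 0 ]]`, which is a lexicographic string comparison inside `[[ ]]`; `[[ -n "$BINDEP_PKGS" ]]` says what is meant. The if/elif chain is closed outside the hunk.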
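Review bot: tasks/rhel7stig/dnf.yml is added as a symlink (mode 120000) to yum.yml, so the role only works on dnf hosts when it reaches the controller by a path that preserves symlinks; if a copy or packaging step dereferences or drops the link, what remains is a one-line file containing `yum.yml`, and `include: "{{ ansible_pkg_mgr }}.yml"` then fails on every Fedora host. A regular file holding `- include: yum.yml` is robust to that and gives a place for the comment that dnf hosts share the yum tasks because `pkg_mgr_config` already selects the dnf configuration path. Either way, the relationship deserves a note in yum.yml's header, which is outside this hunk.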
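Review bot: `- include: "{{ ansible_pkg_mgr }}.yml"` drops the os_family guards, so a host whose detected package manager has no matching file (anything other than apt, yum or dnf, judging by the files visible in this diff) now fails the play instead of silently skipping package-manager hardening. That fail-fast behaviour is the right default for a hardening role, but nothing in the file says it is intentional; a comment above the include such as `# Fails fast when no tasks file exists for the detected package manager: package-manager hardening (gpgcheck etc.) must never be skipped silently.` would record the decision.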
@@ -68,10 +68,13 @@
path: /etc/yum/yum-cron.conf
check_mode: no
register: yum_cron_config_check
+ when:
+ - ansible_os_family | lower == 'redhat'
+ - ansible_pkg_mgr == 'yum'
tags:
- always
-- name: V-71999 - System security patches and updates must be installed and up to date. (yum)
+- name: Enable automatic package updates (yum)
lineinfile:
dest: /etc/yum/yum-cron.conf
regexp: "^apply_updates"
@@ -79,6 +82,7 @@
state: present
when:
- ansible_os_family | lower == 'redhat'
+ - ansible_pkg_mgr == 'yum'
- yum_cron_config_check.stat.exists | bool
- security_rhel7_automatic_package_updates | bool
tags:
@@ -86,7 +90,49 @@
- medium
- V-71999
-- name: V-71999 - System security patches and updates must be installed and up to date. (apt)
+- name: Check if /etc/dnf/automatic.conf exists
+ stat:
+ path: /etc/dnf/automatic.conf
+ check_mode: no
+ register: dnf_automatic_config_check
+ when:
+ - ansible_os_family | lower == 'redhat'
+ - ansible_pkg_mgr == 'dnf'
+ tags:
+ - always
+
+- name: Enable automatic package updates (dnf)
+ lineinfile:
+ dest: /etc/dnf/automatic.conf
+ regexp: "^apply_updates"
+ line: "apply_updates = yes"
+ state: present
+ when:
+ - ansible_os_family | lower == 'redhat'
+ - ansible_pkg_mgr == 'dnf'
+ - dnf_automatic_config_check.stat.exists | bool
+ - security_rhel7_automatic_package_updates | bool
+ tags:
+ - packages
+ - medium
+ - V-71999
+
+- name: Enable dnf-automatic timer for automatic package updates
+ systemd:
+ name: dnf-automatic.timer
+ enabled: yes
+ state: started
+ when:
+ - ansible_os_family | lower == 'redhat'
+ - ansible_pkg_mgr == 'dnf'
+ - dnf_automatic_config_check.stat.exists | bool
+ - security_rhel7_automatic_package_updates | bool
+ tags:
+ - packages
+ - medium
+ - V-71999
+
+- name: Enable automatic package updates (apt)
copy:
src: 20auto-upgrades
dest: /etc/apt/apt.conf.d/20auto-upgrades
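Review bot: The task `Enable automatic package updates (dnf)` writes `apply_updates = yes` with lineinfile keyed on `^apply_updates`, but /etc/dnf/automatic.conf is an INI file and dnf-automatic only honours that key in the `[commands]` section; if the key is absent or commented out (`# apply_updates = no`), the regexp does not match, the line is appended at end of file into whatever section is last, the task reports changed, and updates are still never applied. Using `ini_file` with `path: /etc/dnf/automatic.conf`, `section: commands`, `option: apply_updates`, `value: "yes"` pins the placement; the yum-cron task above has the same weakness and is not changed by this commit. Also worth a comment next to the task: with `upgrade_type` left at its default, dnf-automatic applies all available updates rather than only security errata, which is broader than V-71999's wording — presumably intended, but it should be stated rather than discovered.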
diff --git a/tasks/rhel7stig/rpm.yml b/tasks/rhel7stig/yum.yml
similarity index 98%
rename from tasks/rhel7stig/rpm.yml
rename to tasks/rhel7stig/yum.yml
index d5d4228a..ce1c845c 100644
--- a/tasks/rhel7stig/rpm.yml
+++ b/tasks/rhel7stig/yum.yml
@@ -58,7 +58,7 @@
- name: V-71977 - Require digital signatures for all packages
lineinfile:
- dest: /etc/yum.conf
+ dest: "{{ pkg_mgr_config }}"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
diff --git a/vars/redhat.yml b/vars/redhat.yml
index c3424218..46ea83ec 100644
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@@ -13,9 +13,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-## Variables for CentOS 7 and Red Hat Enterprise Linux 7
-# The following variables apply only to CentOS 7 and Red Hat Enterprise Linux 7
-# and deployers should not override them.
+## Variables for CentOS 7, Red Hat Enterprise Linux 7 and Fedora 25.
+# The following variables apply only to CentOS 7, Red Hat Enterprise Linux 7
+# and Fedora 25. Deployers should not override these.
#
# For more details, see 'vars/main.yml'.
@@ -31,6 +31,7 @@ aide_cron_job_path: /etc/cron.d/aide
aide_database_file: /var/lib/aide/aide.db.gz
chrony_conf_file: /etc/chrony.conf
daemon_init_params_file: /etc/init.d/functions
+pkg_mgr_config: "{{ (ansible_pkg_mgr == 'yum') | ternary('/etc/yum.conf', '/etc/dnf/dnf.conf') }}"
# Service names
cron_service: crond
@@ -144,7 +145,7 @@ stig_packages_rhel7:
state: "{{ security_package_state }}"
enabled: "{{ security_enable_firewalld }}"
- packages:
- - yum-cron
+ - "{{ (ansible_pkg_mgr == 'yum') | ternary('yum-cron', 'dnf-automatic') }}"
state: "{{ security_package_state }}"
enabled: "{{ security_rhel7_automatic_package_updates }}"
- packages:
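Review bot: The package entry becomes `dnf-automatic` on dnf hosts while `enabled` is still driven by `security_rhel7_automatic_package_updates`; if the consumer of `stig_packages_rhel7` (not visible here) enables a service named after each package, that matches the `yum-cron` service but not dnf-automatic, which is scheduled through `dnf-automatic.timer` and whose service unit is a timer-triggered oneshot — enabling a unit named `dnf-automatic` may error or enable nothing useful, so this should be verified on a Fedora host. packages.yml in this same commit already enables the timer explicitly, so the dnf case can opt out of the generic enable step with `enabled: "{{ (ansible_pkg_mgr == 'yum') | ternary(security_rhel7_automatic_package_updates, false) }}"`, or a comment above the entry should record why the generic step is safe for `dnf-automatic`. The list and its consumer continue outside the hunk.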