diff --git a/doc/metadata/rhel7/RHEL-07-010170.rst b/doc/metadata/rhel7/RHEL-07-010170.rst index 041b401f..79240eab 100644 --- a/doc/metadata/rhel7/RHEL-07-010170.rst +++ b/doc/metadata/rhel7/RHEL-07-010170.rst @@ -1,7 +1,9 @@ --- id: RHEL-07-010170 -status: not implemented -tag: misc +status: implemented +tag: implemented --- -This STIG requirement is not yet implemented. +The PAM configuration file for password storage is checked to ensure that +``sha512`` is found on the ``pam_unix.so`` line. If ``sha512`` is not found, +a debug message is printed in the Ansible output. diff --git a/tasks/rhel7stig/auth.yml b/tasks/rhel7stig/auth.yml index 3e7a79ca..2682fc6d 100644 --- a/tasks/rhel7stig/auth.yml +++ b/tasks/rhel7stig/auth.yml @@ -51,6 +51,26 @@ - RHEL-07-010150 - RHEL-07-010160 +- name: Check for SHA512 password storage in PAM + command: "grep pam_unix.so {{ pam_password_file }}" + register: password_sha512_check + changed_when: False + check_mode: no + tags: + - always + +- name: RHEL-07-010170 - The PAM system service must be configured to store only encrypted representations of passwords. + debug: + msg: > + PAM is not using SHA512 for password storage. This is a security issue. + when: + - password_sha512_check is defined + - "'sha512' not in password_sha512_check.stdout" + tags: + - auth + - medium + - RHEL-07-010170 + - name: RHEL-07-010180 - The shadow file must be configured to store only encrypted representations of passwords. lineinfile: dest: /etc/login.defs
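Review bot: in the doc/metadata/rhel7/RHEL-07-010170.rst hunk, `tag: implemented` duplicates `status: implemented`; the `tag` field in these metadata headers carries a category (the old value was `misc`, and the new task in tasks/rhel7stig/auth.yml is tagged `auth`), so `tag: auth` is what belongs here. The description should also say plainly that this control is check-only: the task prints a debug message when `sha512` is missing and changes nothing in the PAM configuration, which a reader who sees `status: implemented` would otherwise assume has been remediated.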
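Review bot: in the tasks/rhel7stig/auth.yml hunk, the `Check for SHA512 password storage in PAM` task has no `failed_when`, so when `grep` finds no `pam_unix.so` line (exit status 1) or `{{ pam_password_file }}` does not exist (exit status 2) the command task fails the play before the RHEL-07-010170 debug task that is meant to report the problem ever runs; add `failed_when: False` (or `failed_when: password_sha512_check.rc > 1`) next to `changed_when: False`. The check is also too loose: `grep pam_unix.so` returns every line that references the module (the auth, account, password and session entries of a typical PAM password file), and `"'sha512' not in password_sha512_check.stdout"` is a substring test across all of them, so `sha512` on a non-password line, or on a commented-out line, satisfies the condition while the real `password` entry still uses the default hash. Anchor the grep to the password entry, e.g. `command: "grep -E '^password\\s+\\S+\\s+pam_unix.so' {{ pam_password_file }}"`, and evaluate only that output. The `password_sha512_check is defined` clause is redundant since `register` always defines the variable. Finally, this task only prints a message, whereas the adjacent RHEL-07-010180 task enforces its setting with `lineinfile`; if this control is meant to remediate rather than just warn, it should do so the same way.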