diff --git a/pkg/cli/cmds/agent.go b/pkg/cli/cmds/agent.go
index 35df58fe2f..925ebbbb1a 100644
--- a/pkg/cli/cmds/agent.go
+++ b/pkg/cli/cmds/agent.go
@@ -55,7 +55,7 @@ func NewAgentCommand() cli.Command {
 
 func AgentRun(clx *cli.Context) error {
 	switch profile {
-	case "cis-1.5":
+	case rke2.CISProfile:
 		if err := validateCISReqs("agent"); err != nil {
 			logrus.Fatal(err)
 		}
diff --git a/pkg/cli/cmds/root.go b/pkg/cli/cmds/root.go
index 0cb613adeb..466050313a 100644
--- a/pkg/cli/cmds/root.go
+++ b/pkg/cli/cmds/root.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/rancher/k3s/pkg/version"
+	"github.com/rancher/rke2/pkg/rke2"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 )
@@ -39,7 +40,7 @@ var (
 		},
 		&cli.StringFlag{
 			Name:        "profile",
-			Usage:       "(security) Validate system configuration against the selected benchmark (valid items: cis-1.5)",
+			Usage:       "(security) Validate system configuration against the selected benchmark (valid items: " + rke2.CISProfile + ")",
 			EnvVar:      "RKE2_CIS_PROFILE",
 			Destination: &profile,
 		},
diff --git a/pkg/cli/cmds/server.go b/pkg/cli/cmds/server.go
index f389a414db..782a01824b 100644
--- a/pkg/cli/cmds/server.go
+++ b/pkg/cli/cmds/server.go
@@ -104,7 +104,7 @@ func NewServerCommand() cli.Command {
 
 func ServerRun(clx *cli.Context) error {
 	switch profile {
-	case "cis-1.5":
+	case rke2.CISProfile:
 		if err := validateCISReqs("server"); err != nil {
 			logrus.Fatal(err)
 		}
diff --git a/pkg/rke2/rke2.go b/pkg/rke2/rke2.go
index 1cc457c964..ef1b3e5737 100644
--- a/pkg/rke2/rke2.go
+++ b/pkg/rke2/rke2.go
@@ -28,6 +28,8 @@ type Config struct {
 
 var cisMode bool
 
+const CISProfile = "cis-1.5"
+
 func Server(clx *cli.Context, cfg Config) error {
 	if err := setup(clx, cfg); err != nil {
 		return err
@@ -63,19 +65,8 @@ func Agent(clx *cli.Context, cfg Config) error {
 }
 
 func setup(clx *cli.Context, cfg Config) error {
-	var dataDir string
-
-	for _, f := range clx.Command.Flags {
-		switch t := f.(type) {
-		case cli.StringFlag:
-			if strings.Contains(t.Name, "data-dir") {
-				dataDir = *t.Destination
-			} else if t.Name == "profile" && t.Destination != nil && *t.Destination != "" {
-				cisMode = true
-			}
-
-		}
-	}
+	cisMode = clx.String("profile") == CISProfile
+	dataDir := clx.String("data-dir")
 
 	images := images.New(cfg.SystemDefaultRegistry)
 	if err := defaults.Set(clx, images, dataDir); err != nil {