diff --git a/doc/source/developer-notes/V-38656.rst b/doc/source/developer-notes/V-38656.rst
new file mode 100644
index 00000000..df8c1c32
--- /dev/null
+++ b/doc/source/developer-notes/V-38656.rst
@@ -0,0 +1,4 @@
+Although the ``samba`` server isn't installed by Ubuntu or openstack-ansible
+by default, the Ansible tasks will check to see if the package is installed
+and the configuration file will be adjusted. If adjustments are made, the
+service will be restarted.
diff --git a/doc/source/developer-notes/V-38657.rst b/doc/source/developer-notes/V-38657.rst
new file mode 100644
index 00000000..00401a5a
--- /dev/null
+++ b/doc/source/developer-notes/V-38657.rst
@@ -0,0 +1,5 @@
+**Exception**
+
+Ubuntu and openstack-ansible do not currently configure any samba share mounts
+by default. However, deployers are urged to follow this STIG if they ever
+mount samba shares within their infrastructure.
diff --git a/handlers/main.yml b/handlers/main.yml
index 636d2385..25c1fbff 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -39,6 +39,11 @@
 name: rsyslog
 state: restarted
 
+- name: restart samba
+ service:
+ name: smbd
+ state: restarted
+
 - name: restart ssh
 service:
 name: ssh
diff --git a/tasks/misc.yml b/tasks/misc.yml
index a4593ffb..d1a0c145 100644
--- a/tasks/misc.yml
+++ b/tasks/misc.yml
@@ -119,6 +119,28 @@
 - cat3
 - V-38624
 
+- name: Check if samba is installed (for V-38656)
+ stat:
+ path: /etc/samba/smb.conf
+ register: v38656_result
+ changed_when: false
+ tags:
+ - cat3
+ - V-38656
+
+- name: V-38656 - System must use SMB client signing
+ lineinfile:
+ dest: /etc/samba/smb.conf
+ regexp: "^(;)?client signing"
+ line: "client signing = mandatory"
+ insertafter: "############ Misc ############"
+ when: v38656_result.stat.exists == True
+ notify:
+ - restart samba
+ tags:
+ - cat3
+ - V-38656
+
 - name: V-38675 - Process core dump must be disabled
 lineinfile:
 dest: /etc/security/limits.d/V-38675-coredump.conf
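Review bot: The new `restart samba` handler in handlers/main.yml assumes an `smbd` service exists wherever it fires, but the task that notifies it (tasks/misc.yml in this commit) is gated only on `/etc/samba/smb.conf` being present. That file can presumably exist on a host that has only the Samba client or common packages and no server, in which case the restart would fail the play after the configuration has already been changed. Since `client signing` governs client-side connections, consider whether the restart is needed at all. If it stays, state the assumption above the handler, for example `# requires the smbd service; smb.conf alone does not imply it is installed`.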
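Review bot: In the V-38656 lineinfile task in tasks/misc.yml, `regexp: "^(;)?client signing"` matches only an entry that starts at column 0, optionally behind a single `;`. smb.conf entries are commonly indented or commented with `#`, so an existing `client signing` line can be missed and a second one inserted; a duplicate later in the file may then take precedence over `mandatory`. A more tolerant pattern is `regexp: '^\s*[;#]?\s*client signing\s*='`. When the `############ Misc ############` marker is absent from a customised file, lineinfile appends at end of file, which likely falls inside a share section where this global parameter has no effect; `insertafter: '^\[global\]'` is a safer anchor. As a style point, `when: v38656_result.stat.exists == True` can be written `when: v38656_result.stat.exists`.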