diff --git a/mantle/kola/cluster/cluster.go b/mantle/kola/cluster/cluster.go
index 5c22c0981b..d456976b5d 100644
--- a/mantle/kola/cluster/cluster.go
+++ b/mantle/kola/cluster/cluster.go
@@ -209,6 +209,16 @@ func (t *TestCluster) AssertCmdOutputContains(m platform.Machine, cmd string, ex
 	}
 }
 
+// AssertCmdOutputDoesNotContain runs cmd via SSH and panics if stdout contains unexpected
+func (t *TestCluster) AssertCmdOutputDoesNotContain(m platform.Machine, cmd string, unexpected string) {
+	t.LogJournal(m, "+ "+cmd)
+	outputBuf := t.MustSSH(m, cmd)
+	output := string(outputBuf)
+	if strings.Contains(output, unexpected) {
+		t.Fatalf("cmd %s unexpectedly contained %s", cmd, unexpected)
+	}
+}
+
 // AssertCmdOutputContains runs cmd via SSH and panics if stdout does not contain expected
 func (t *TestCluster) AssertCmdOutputMatches(m platform.Machine, cmd string, expected *regexp.Regexp) {
 	t.LogJournal(m, "+ "+cmd)
diff --git a/mantle/kola/tests/fips/fips.go b/mantle/kola/tests/fips/fips.go
index c1217305c3..4c4c7165f0 100644
--- a/mantle/kola/tests/fips/fips.go
+++ b/mantle/kola/tests/fips/fips.go
@@ -147,4 +147,11 @@ func fipsEnableTest(c cluster.TestCluster) {
 	m := c.Machines()[0]
 	c.AssertCmdOutputContains(m, `cat /proc/sys/crypto/fips_enabled`, "1")
 	c.AssertCmdOutputContains(m, `update-crypto-policies --show`, "FIPS")
+	// There should be no mounts over crypto-policies.
+	//
+	// Bind mounts are generated over /etc/crypto-policies/back-ends
+	// when FIPS is not setup correctly, and the FIPS dracut module
+	// fixes it.
+	// See: https://github.com/coreos/rhel-coreos-config/pull/259
+	c.AssertCmdOutputDoesNotContain(m, `cat /proc/self/mountinfo`, "crypto-policies")
 }