diff --git a/lib/ansible/module_utils/facts.py b/lib/ansible/module_utils/facts.py
index bf286c2eb67..aff2b617395 100644
--- a/lib/ansible/module_utils/facts.py
+++ b/lib/ansible/module_utils/facts.py
@@ -173,6 +173,7 @@ class Facts(object):
             self.get_cmdline()
             self.get_public_ssh_host_keys()
             self.get_selinux_facts()
+            self.get_caps_facts()
             self.get_fips_facts()
             self.get_pkg_mgr_facts()
             self.get_service_mgr_facts()
@@ -184,6 +185,7 @@ class Facts(object):
             self.get_dns_facts()
             self.get_python_facts()
 
+
     def populate(self):
         return self.facts
 
@@ -697,6 +699,25 @@ class Facts(object):
             except OSError:
                 self.facts['selinux']['type'] = 'unknown'
 
+    def get_caps_facts(self):
+        capsh_path = module.get_bin_path('capsh')
+        if capsh_path:
+            rc, out, err = module.run_command([capsh_path, "--print"])
+            enforced_caps = []
+            enforced = 'NA'
+            for line in out.split('\n'):
+                if len(line) < 1:
+                    continue
+                if line.startswith('Current:'):
+                    if line.split(':')[1].strip() == '=ep':
+                        enforced = 'False'
+                    else:
+                        enforced = 'True'
+                        enforced_caps = [i.strip() for i in line.split('=')[1].split(',')]
+
+            self.facts['system_capabilities_enforced'] = enforced
+            self.facts['system_capabilities'] = enforced_caps
+
 
     def get_fips_facts(self):
         self.facts['fips'] = False