diff --git a/atomics/T1555.001/T1555.001.yaml b/atomics/T1555.001/T1555.001.yaml
index 8db9ff2965..a5acc1e44c 100644
--- a/atomics/T1555.001/T1555.001.yaml
+++ b/atomics/T1555.001/T1555.001.yaml
@@ -1,20 +1,30 @@
 attack_technique: T1555.001
 display_name: 'Credentials from Password Stores: Keychain'
 atomic_tests:
-- name: Keychain
- auto_generated_guid: 1864fdec-ff86-4452-8c30-f12507582a93
- description: |
- ### Keychain Files
- ~/Library/Keychains/
+- name: Keychain Dump
+ auto_generated_guid: 88e1fa00-bf63-4e5b-a3e1-e2ea51c8cca6
+ description: |-
+ This command will dump keychain credential information from login.keychain.
+ Source: https://www.loobins.io/binaries/security/
+ ### Keychain File path
+ ~/Library/Keychains/
 /Library/Keychains/
- /Network/Library/Keychains/
- [Security Reference](https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/security.1.html)
+
+ supported_platforms:
+ - macos
+ executor:
+ command: sudo security dump-keychain -d login.keychain
+ name: sh
+ elevation_required: true
- [Keychain dumper](https://github.com/juuso/keychaindump)
+- name: Export Certificate Item(s)
+ auto_generated_guid: 1864fdec-ff86-4452-8c30-f12507582a93
+ description: |
+ This command finds all certificate items and sends the output to local file in pem format.
 supported_platforms:
 - macos
 input_arguments:
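Review bot: The new Keychain Dump executor, `sudo security dump-keychain -d login.keychain`, passes a bare keychain name rather than a path and asks for every item to be decrypted, so on a locked keychain or in an interactive session the run can block on per-item authorization prompts and an unattended run may hang instead of failing; it is also worth confirming that under sudo the bare name still resolves to the invoking user's login keychain. I would add to the description a line such as `Requires the invoking user's login keychain to be unlocked; decrypting items with -d may raise an authorization prompt per item, so run interactively or expect the executor to time out.` Separately, the GUID 1864fdec-ff86-4452-8c30-f12507582a93 moves from the removed Keychain test to the new Export Certificate Item(s) test, whose command set is narrower than the old one, so any detection mapping keyed on that GUID changes meaning silently and deserves a sentence in the commit description. The atomic_tests sequence continues beyond the end of this hunk.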
@@ -24,19 +34,23 @@ atomic_tests:
 default: /tmp/certs.pem
 executor:
 command: |
- security -h
 security find-certificate -a -p > #{cert_export}
- security import #{cert_export} -k
+ cleanup_command: 'rm #{cert_export}'
 name: sh
+ elevation_required: false
-- name: Keychain Dump
- auto_generated_guid: 88e1fa00-bf63-4e5b-a3e1-e2ea51c8cca6
- description: |-
- This command will dump keychain credential information from login.keychain.
- Source: https://www.loobins.io/binaries/security/
+- name: Import Certificate Item(s)
+ description: |
+ This command will import a certificate pem file into a keychain.
 supported_platforms:
 - macos
+ input_arguments:
+ cert_export:
+ description: Specify the path of the pem certificate file to import.
+ type: path
+ default: /tmp/certs.pem
 executor:
- command: sudo security dump-keychain -d login.keychain
+ command: |
+ security import #{cert_export} -k
 name: sh
- elevation_required: true
+ elevation_required: false
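Review bot: `security import #{cert_export} -k` in the new Import Certificate Item(s) executor leaves `-k` without its keychain argument, so `security` will most likely reject the command line with a usage error rather than import anything; either drop the flag to import into the default keychain or add a keychain input argument, e.g. `security import #{cert_export} -k #{keychain}` (the `#{keychain}` name is a constructed placeholder). The new test also lacks an `auto_generated_guid` while its siblings carry one, and it reads `/tmp/certs.pem`, which exists only if Export Certificate Item(s) ran first and its `cleanup_command` has not yet removed it, so a `dependencies:` entry with a `prereq_command` that checks for the file would make the ordering explicit. Importing persists certificate items in the user's keychain and the test has no `cleanup_command`, so it leaves artifacts behind on the host. The Export Certificate Item(s) definition begins in the previous hunk.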