diff --git a/nomad/acl_endpoint.go b/nomad/acl_endpoint.go
index 7c382e4dcb9..8f3b3a0d6e2 100644
--- a/nomad/acl_endpoint.go
+++ b/nomad/acl_endpoint.go
@@ -219,9 +219,10 @@ func (a *ACL) GetPolicy(args *structs.ACLPolicySpecificRequest, reply *structs.S
 return structs.ErrPermissionDenied
 }
 
+ // If the policy is the anonymous one, anyone can get it
 // If it is not a management token determine if it can get this policy
 mgt := acl.IsManagement()
- if !mgt {
+ if !mgt && args.Name != "anonymous" {
 snap, err := a.srv.fsm.State().Snapshot()
 if err != nil {
 return err
diff --git a/nomad/acl_endpoint_test.go b/nomad/acl_endpoint_test.go
index 4f55a7e1dbe..6d2927f86e5 100644
--- a/nomad/acl_endpoint_test.go
+++ b/nomad/acl_endpoint_test.go
@@ -15,6 +15,7 @@ import (
 "github.com/hashicorp/nomad/nomad/structs"
 "github.com/hashicorp/nomad/testutil"
 "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
 )
 
 func TestACLEndpoint_GetPolicy(t *testing.T) {
@@ -28,10 +29,14 @@ func TestACLEndpoint_GetPolicy(t *testing.T) {
 policy := mock.ACLPolicy()
 s1.fsm.State().UpsertACLPolicies(1000, []*structs.ACLPolicy{policy})
 
+ anonymousPolicy := mock.ACLPolicy()
+ anonymousPolicy.Name = "anonymous"
+ s1.fsm.State().UpsertACLPolicies(1001, []*structs.ACLPolicy{anonymousPolicy})
+
 // Create a token with one the policy
 token := mock.ACLToken()
 token.Policies = []string{policy.Name}
- s1.fsm.State().UpsertACLTokens(1001, []*structs.ACLToken{token})
+ s1.fsm.State().UpsertACLTokens(1002, []*structs.ACLToken{token})
 
 // Lookup the policy
 get := &structs.ACLPolicySpecificRequest{
@@ -53,7 +58,7 @@ func TestACLEndpoint_GetPolicy(t *testing.T) {
 if err := msgpackrpc.CallWithCodec(codec, "ACL.GetPolicy", get, &resp); err != nil {
 t.Fatalf("err: %v", err)
 }
- assert.Equal(t, uint64(1000), resp.Index)
+ assert.Equal(t, uint64(1001), resp.Index)
 assert.Nil(t, resp.Policy)
 
 // Lookup the policy with the token
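Review bot: In the nomad/acl_endpoint.go hunk, the added comment says "anyone can get it", but the `return structs.ErrPermissionDenied` directly above the new lines still runs first, so the exemption seems to cover only callers that already passed that check; GetPolicy starts and ends outside the hunk, so the exact precondition is not visible here. The comment should state that boundary and its consequence, for example `// The anonymous policy is readable by any caller that passed the token check above; treat its rules as public.` The bare `"anonymous"` literal in `if !mgt && args.Name != "anonymous" {` is an authorization exemption keyed on a string, and a named constant would make every place that depends on it easier to audit.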
@@ -70,6 +75,20 @@ func TestACLEndpoint_GetPolicy(t *testing.T) {
 }
 assert.EqualValues(t, 1000, resp2.Index)
 assert.Equal(t, policy, resp2.Policy)
+
+ // Lookup the anonymous policy with no token
+ get = &structs.ACLPolicySpecificRequest{
+ Name: anonymousPolicy.Name,
+ QueryOptions: structs.QueryOptions{
+ Region: "global",
+ },
+ }
+ var resp3 structs.SingleACLPolicyResponse
+ if err := msgpackrpc.CallWithCodec(codec, "ACL.GetPolicy", get, &resp3); err != nil {
+ require.NoError(t, err)
+ }
+ assert.EqualValues(t, 1001, resp3.Index)
+ assert.Equal(t, anonymousPolicy, resp3.Policy)
 }
 
 func TestACLEndpoint_GetPolicy_Blocking(t *testing.T) {
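Review bot: The `if err := msgpackrpc.CallWithCodec(...); err != nil { require.NoError(t, err) }` wrapper in the added block is redundant, because `require.NoError` already does nothing on a nil error; `require.NoError(t, msgpackrpc.CallWithCodec(codec, "ACL.GetPolicy", get, &resp3))` says the same in one line. The added lines cover only the request that carries no token. Since the endpoint change is an authorization exemption, a second lookup of `anonymousPolicy.Name` made with the existing `token` (which lists only `policy.Name`) would pin the behaviour for a non-management token as well.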