SCP prevent user from changing s3:PutBucketPublicAccessBlock" only if the setting is currently already checked

Question

I currently have this Service Control Policy (SCP) in place to prevent user from changing s3:PutBucketPublicAccessBlock, but I only want to deny the action if the s