Monitor and scan for vulnerabilities in the system and hosted applications on an organization-defined frequency and/or randomly in accordance with organization-defined process.
No STIG checks reference this CCI.