The organization implements a continuous monitoring program that includes a determination of the security impact of changes to the information system.
No STIG checks reference this CCI.