The organization requires information system integrators perform a vulnerability analysis to document risk mitigations.
No STIG checks reference this CCI.