The organization conducts security control assessments using organization-defined forms of testing in accordance with organization-defined frequency and assessment techniques.
No STIG checks reference this CCI.