The organization correlates the output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop attack vectors.
RA-5 (10) Guidance: If multiple tools are not used, this control is not applicable.