We are using Microsoft's Base Line Security Analyzer tool to find and fix server vulnerabilities. We are wondering about industry standard for how often these tools should be run against our servers and if for that matter by using a tool like this will it satisfy security audits for hardening Microsoft Server Operating Systems.