How can I find out what scan policies scan for a certain CVE?
My apologies. I misunderstood your question initially but now I see what you are looking for and I don't think the Policy Manager will do that. I was trying to do the same thing but for DoD STIGs and found no solution other than going through the tedious process of reviewing every single check in the policies which is not feasible for me. Good luck!
There may be a way to identify all the Policies that a check is enabled in using SQL Queries. I am not sure if the CVE numbers would be listed in alternate Columns or buried in the report fields. You would have to run this by Fortify Support (support.fortify.com) for details.