ISREDIT MACRO       /* CAAM0527 VIEW USERLIST report  */
 
/* 04/28/2010 CL Fenton Created to perform LOGONID checks.
/* 09/28/2010 CL Fenton Changes to correct use of fields for
/*            CSD-AR002322615.
/* 03/15/2011 CL Fenton Added GSKSRVR to list of trusted STC users.
/* 09/12/2011 CL Fenton Chgd ACF0580 to exclude logonids with MAXDAYS
/*            specified, CSD-AR002631712.  Added automation for
/*            ACF0710, ACF0720, ACF0750, ACF0770, and ACF0780,
/*            CSD-AR002893724.
/* 11/16/2011 CL Fenton Chgd ACF0580 check for attributes on users
/*            that specify JOB and RESTRICT, CSD-AR002631712.  Also
/*            added EMERAUDT to ACF0750.
/* 12/13/2011 CL Fenton Added EMERAUDT to ACF0710 and ACF0720 for
/*            CSD-AR003144636.
/* 02/07/2012 CL Fenton Corrected rc of 804 and 860 error on &NUM,
/*            CSD-AR003250750.
/* 04/17/2012 CL Fenton Chgd ACF0720 to evaluate only EMERAUDT, dropping
/*            SECAAUDT, CSD-AR003377476.
/* 10/26/2012 CL Fenton Chgd ACF0580 to bypass UID string check if UID
/*            string contain LID, CSD-AR002989446.
/* 11/28/2012 CL Fenton Chgd ACF0570 to allow special characters in the
/*            USRID field to avoid 804 error, STS-001305.
/* 05/22/2013 CL Fenton Bypassed evaluation of ACF0630, STS-001975.
/* 05/30/2013 CL Fenton Added FTPUSERS for ACF0570 and removed 254 day
/*            for FTP users to remove conflict between ACF0570 and
/*            ACF0390, STS-000796.  Also added the removal of EMERAUDT
/*            for ACF0570.
/* 08/30/2013 CL Fenton Chgd ACF0580 to check for PGM or PROGRAM, STS-003227.
/* 03/07/2014 CL Fenton Chgd ACF0570 to remove TSOPROC requirement, STS-004646.
/* 06/02/2014 CL Fenton Added exclusion of users with FTP in name for
/*            ACF0570, STS-005560.
/* 07/29/2014 CL Fenton Added evaluation of GROUP within ACF0570 to correct
/*            error that specified GROUP was missing within valid logonids,
/*            STS-006053.
/* 04/11/2016 CL Fenton Added TSS, TSSB, TSSBKUP, and TSSRESTN to trusted
/*            started task list, STS-013764.
/* 08/04/2016 CL Fenton Added SECAAUDT to list of authorized users that may
/*            have OPERATOR attribute, STS-015242.
/* 09/20/2016 CL Fenton Changed all references of IAO to ISSO.
/* 02/05/2018 CL Fenton Added CEA as trusted started task for ACF0640,
/*            STS-019223.
/* 06/29/2021 CL Fenton Chgs to remove ACF0570, ACF0610, ACF0670,
/*            and ACF0680, STS-026845.
 
SET PGMNAME = &STR(CAAM0527 06/29/21)
 
NGLOBAL PGMNAME RETURN_CODE PDIID PDIMBR ZERRSM DIALOG DSNAME
 
SET SYSPROMPT = OFF                /* CONTROL NOPROMPT          */
SET SYSFLUSH  = OFF                /* CONTROL NOFLUSH           */
SET SYSASIS   = ON                 /* CONTROL ASIS - caps off   */
 
/* ERROR ROUTINE */
ERROR DO
  SET RETURN_CODE = &LASTCC          /* SAVE LAST ERROR CODE */
  IF &LASTCC GE 16 THEN +
    WRITE &PGMNAME LASTCC = &LASTCC &ZERRLM
  RETURN
  END
 
/* *************************************** */
/* VARIABLES ARE PASSED TO THIS MACRO      */
/* CONSLIST                                */
/* COMLIST                                 */
/* SYMLIST                                 */
/* TERMMSGS                                */
/* *************************************** */
 
SET RETURN_CODE = 0
 
ISPEXEC VGET ( +
  CONSLIST     +
  COMLIST      +
  SYMLIST      +
  TERMMSGS     +
  PDIID        +
  DIALOG       +
  TYPERUN      +
  UIDLNTH      +
  UIDFLDS      +
  ) ASIS
 
SET AM527VG  = &RETURN_CODE
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME VGET RC = &RETURN_CODE  &ZERRSM
  WRITE &PGMNAME CONSLIST/&CONSLIST COMLIST/&COMLIST SYMLIST/&SYMLIST +
    TERMMSGS/&TERMMSGS
  WRITE &PGMNAME PDIID/&PDIID +
    TYPERUN/&TYPERUN
  WRITE &PGMNAME UIDLNTH/&UIDLNTH +
    UIDFLDS/&UIDFLDS
  SET RETURN_CODE = &RETURN_CODE + 16
  GOTO ERR_EXIT
  END
 
/* *************************************** */
/* TURN ON MESSAGES                        */
/* *************************************** */
 
SET SYSSYMLIST = &SYMLIST          /* CONTROL SYMLIST/NOSYMLIST */
SET SYSCONLIST = &CONSLIST         /* CONTROL CONLIST/NOCONLIST */
SET SYSLIST    = &COMLIST          /* CONTROL LIST/NOLIST       */
SET SYSMSG     = &TERMMSGS         /* CONTROL MSG/NOMSG         */
 
SET UIDLID = &STR(NO)
DO WHILE &SYSINDEX(&STR( LID ),&STR( &UIDFLDS )) GT 0
  SET A = &SYSINDEX(&STR( LID ),&STR( &UIDFLDS ))
  SET B = &SYSINDEX(&STR( ),&STR( &UIDFLDS ),&A+1)
  IF &A GT 0 THEN +
    SET UIDLID = &STR(YES)
  IF &A EQ 1 THEN +
    SET UIDFLDS = &SUBSTR(&B:&LENGTH(&STR(&UIDFLDS  )),+
      &STR(&UIDFLDS  ))
  ELSE +
    IF &B GT &LENGTH(&STR( &UIDFLDS)) THEN +
      SET UIDFLDS = &SUBSTR(2:&A-1,&STR( &UIDFLDS ))
    ELSE +
      SET UIDFLDS = &SUBSTR(2:&A,&STR( &UIDFLDS ))+
        &SUBSTR(&B:&LENGTH(&STR(&UIDFLDS)),&STR(&UIDFLDS ))
  END
 
SET UIDFLDS = &NRSTR(&UIDFLDS)
 
ISREDIT (MBRNAME)  = MEMBER
ISREDIT (DSNAME)   = DATASET
ISREDIT (LASTLINE) = LINENUM .ZLAST
ISREDIT (DW) = DATA_WIDTH
 
SET BLANK = &STR( )
SET SP = &STR(          )
SET SP = &STR(&SP&SP&SP&SP&SP&SP)
SET LP = &STR((
SET RP = )
SET CC = 30 + &UIDLNTH
 
SET PDIMBR = ACF0560
SET DETAIL_SW = 0
SET CURLINE = 0
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0560: +
SET RETURN_CODE = 0
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0560_END
 
ISREDIT (DATA) = LINE &CURLINE
 
SET USERID  = &SUBSTR(1:8,&NRSTR(&DATA))
SET NAME    = &SUBSTR(10:29,&NRSTR(&DATA))
 
SET CNT     = &CNT + 1
 
SET ERROR   = 0
SET NM =
IF &STR(&NAME)   EQ &STR( ) OR +
   &STR(&NAME)   GT &STR(9999999999) OR +
   &STR(&NAME)   EQ &STR(UNKNOWN ) THEN DO
  SET ERROR = &ERROR + 1
  SET NM = &STR( Invalid NAME)
  END
SET DETAIL_LINE =
SET A = 1
IF &NRSTR(&UIDLID) EQ &STR(NO) THEN DO
  DO WHILE &A LT &LENGTH(&STR(&UIDFLDS))
    SET B = &SYSINDEX(&STR( ),&STR(&UIDFLDS ),&A) - 1
    SET ATTR = &SUBSTR(&A:&B,&STR(&UIDFLDS))
    SET C = &SYSINDEX(&STR( &ATTR&LP),&NRSTR(&DATA))
    IF &C EQ 0 THEN DO
      SET ERROR = &ERROR + 1
      SET DETAIL_LINE = &NRSTR(&DETAIL_LINE)+
        &NRSTR(&ATTR )
      END
    SET A = &B + 2
    END
  END
 
IF &LENGTH(&NRSTR(&DETAIL_LINE)) GT 0 THEN DO
  SET DETAIL_LINE = &NRSTR(&DETAIL_LINE.are not specified)
  IF &NRSTR(&NM) NE &STR( ) THEN +
    SET NM = &NRSTR(&NM and)
  END
SET DETAIL_LINE = &NRSTR(&USERID &NAME&NM &DETAIL_LINE)
IF &ERROR EQ 0 THEN GOTO ACF0560
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following logonid&LP.s&RP does &LP.do&RP not +
    have the required field&LP.s&RP completed:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0560
 
 
ACF0560_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All userid&LP.s&RP contain the required fields.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: All logonid records must have +
    the users name, and specify each field that is defined in the +
    UID.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0580
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(JOB RESTRICT PROGRAM PGM SUBAUTH SOURCE)
 
ISREDIT EXCLUDE " STC " ALL &CC &DW
ISREDIT EXCLUDE " MAXDAYS(" ALL &CC &DW
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0580: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0580_END
 
ISREDIT (STAT) = XSTATUS &CURLINE
 
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0580
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
SET JTC_ATTR =
SET A = 1
DO WHILE &A LT &LENGTH(&STR(JOB TSO CICS))
  SET B = &SYSINDEX(&STR( ),&STR(JOB TSO CICS ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(JOB TSO CICS))
  SET C = &SYSINDEX(&STR( &ATTR ),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR(&RP),&NRSTR(&DATA),&C)
    SET JTC_ATTR = &NRSTR(&JTC_ATTR)+
      &SUBSTR(&C,&NRSTR(&DATA))
    END
  ELSE +
    SET JTC_ATTR = &NRSTR(&JTC_ATTR)&STR( )
  SET A = &B + 2
  END
 
IF &STR(&JTC_ATTR) NE &STR(J  ) THEN GOTO ACF0580
IF &STR(&JTC_ATTR) NE &STR(J  ) OR +
   &SYSINDEX(&STR( RESTRICT ),&NRSTR(&DATA),&CC) EQ 0 THEN GOTO ACF0580
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  SET A = &B + 2
  END
 
IF &SYSINDEX(&STR( RESTRICT),&STR(&DETAIL_LINE)) GT 0 AND +
  (&SYSINDEX(&STR( SOURCE&LP),&STR(&DETAIL_LINE)) GT 0 OR +
  ((&SYSINDEX(&STR( PROGRAM&LP),&STR(&DETAIL_LINE)) GT 0 OR +
    &SYSINDEX(&STR( PGM&LP),&STR(&DETAIL_LINE)) GT 0) AND +
   &SYSINDEX(&STR( SUBAUTH),&STR(&DETAIL_LINE)) GT 0)) THEN +
  GOTO ACF0580
 
SET CNT     = &CNT + 1
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following batch logonid&LP.s&RP is &LP.are&RP +
    improperly defined:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0580
 
 
ACF0580_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All restricted batch logonid&LP.s&RP contain the +
    required fields.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: All restricted batch logonid +
    records must have one or both PGM&LP.xxxxxxxx&RP and SUBAUTH +
    or SOURCE&LP.xxxxxxxx&RP..)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0620
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(STC MUSASS JOBFROM)
 
ISREDIT EXCLUDE " STC " ALL &CC &DW
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0620: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0620_END
 
ISREDIT (STAT) = XSTATUS &CURLINE
 
IF &STR(&STAT) EQ &STR(NX) THEN GOTO ACF0620
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  ELSE +
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) &STR(NO&ATTR)
  SET A = &B + 2
  END
 
IF &SYSINDEX(&STR( MUSASS),&STR(&DETAIL_LINE)) EQ 0 THEN +
  GOTO ACF0620
IF &SYSINDEX(&STR( JOBFROM),&STR(&DETAIL_LINE)) GT 0 THEN +
  GOTO ACF0620
 
SET CNT     = &CNT + 1
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following STC logonid&LP.s&RP does &LP.do&RP +
    not have the JOBFROM attribute specified:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0620
 
 
ACF0620_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All STC logonid&LP.s&RP that have the MUSASS +
    attribute and the requirement to submit jobs on behalf of its +
    users have the JOBFROM attribute specified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: All STC logonid&LP.s&RP that +
    have the MUSASS attribute and the requirement to submit jobs +
    on behalf of its users have the JOBFROM attribute specified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0640
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(STC NON-CNCL)
 
ISREDIT EXCLUDE " STC " ALL &CC &DW
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0640: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0640_END
 
ISREDIT (STAT) = XSTATUS &CURLINE
 
IF &STR(&STAT) EQ &STR(NX) THEN GOTO ACF0640
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  SET A = &B + 2
  END
 
SET USERID = &SUBSTR(1:8,&STR(&DETAIL_LINE))
IF &SYSINDEX(&STR( NON-CNCL ),&STR(&DETAIL_LINE )) GT 0 THEN +
  SELECT &STR(&USERID)
   WHEN (ACFBKUP)   GOTO ACF0640
   WHEN (ACF2)      GOTO ACF0640
   WHEN (APSWPROA)  GOTO ACF0640
   WHEN (APSWPROB)  GOTO ACF0640
   WHEN (APSWPROC)  GOTO ACF0640
   WHEN (APSWPROM)  GOTO ACF0640
   WHEN (APSWPROT)  GOTO ACF0640
   WHEN (CATALOG)   GOTO ACF0640
   WHEN (CEA)       GOTO ACF0640
   WHEN (CONSOLE)   GOTO ACF0640
   WHEN (DFHSM)     GOTO ACF0640
   WHEN (DFSMSHSM)  GOTO ACF0640
   WHEN (DFS)       GOTO ACF0640
   WHEN (DUMPSRV)   GOTO ACF0640
   WHEN (GPMSERVE)  GOTO ACF0640
   WHEN (GSKSRVR)   GOTO ACF0640
   WHEN (IEEVMPCR)  GOTO ACF0640
   WHEN (IOSAS)     GOTO ACF0640
   WHEN (IXGLOGR)   GOTO ACF0640
   WHEN (JESXCF)    GOTO ACF0640
   WHEN (JES2)      GOTO ACF0640
   WHEN (JES3)      GOTO ACF0640
   WHEN (LLA)       GOTO ACF0640
   WHEN (NFS)       GOTO ACF0640
   WHEN (OMVS)      GOTO ACF0640
   WHEN (OMVSKERN)  GOTO ACF0640
   WHEN (RACF)      GOTO ACF0640
   WHEN (RMF)       GOTO ACF0640
   WHEN (RMFGAT)    GOTO ACF0640
   WHEN (SMF)       GOTO ACF0640
   WHEN (SMS)       GOTO ACF0640
   WHEN (SMSRESTN)  GOTO ACF0640
   WHEN (SMSRESTR)  GOTO ACF0640
   WHEN (SMSVSAM)   GOTO ACF0640
   WHEN (TCPIP)     GOTO ACF0640
   WHEN (TSS)       GOTO ACF0640
   WHEN (TSSB)      GOTO ACF0640
   WHEN (TSSBKUP)   GOTO ACF0640
   WHEN (TSSRESTN)  GOTO ACF0640
   WHEN (VLF)       GOTO ACF0640
   WHEN (VTAM)      GOTO ACF0640
   WHEN (XCFAS)     GOTO ACF0640
   WHEN (ZFS)       GOTO ACF0640
   END
ELSE GOTO ACF0640
 
SET CNT     = &CNT + 1
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the NON-CNCL +
    attribute is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0640
 
 
ACF0640_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All started task logonid&LP.s&RP that contain +
    NON-CNCL attribute are Trusted Started Tasks.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: That only Trusted Start +
    Task logonid&LP.s&RP may have the NON-CNCL attribute.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0660
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(MAINT)
SET MAINTGRP =
SYSCALL GET_MAINT &STR(LID) MAINTGRP
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ISREDIT CURSOR = 1 0
ACF0660: +
SET RETURN_CODE = 0
 
ISREDIT FIND ' MAINT ' &CC &DW
 
IF &RETURN_CODE GT 0 THEN GOTO ACF0660_END
 
ISREDIT (DATA) = LINE .ZCSR
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  SET A = &B + 2
  END
 
SET USERID = &SUBSTR(1:8,&STR(&DETAIL_LINE))
 
IF &SYSINDEX(&STR(#&USERID),&STR(&MAINTGRP)) GT 0 THEN GOTO ACF0660
 
SET CNT     = &CNT + 1
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP does +
    &LP.do&RP not have a corresponding GSO MAINT record:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0660
 
 
ACF0660_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All maintenance logonid&LP.s&RP have a +
    corresponding GSO MAINT record.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: That all maintenance +
    logonid&LP.s&RP have a corresponding GSO MAINT record.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0710
SET DETAIL_SW = 0
SET CURLINE = 0
SET GROUP = &STR(SECAAUDT EMERAUDT)
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&GROUP))
  SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP))
  SYSCALL DIALOG_RTN &ATTR
  SET A = &B + 2
  END
 
ISREDIT CURSOR = 1 0
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0710: +
SET RETURN_CODE = 0
 
ISREDIT SEEK " REFRESH " &CC &DW
 
IF &RETURN_CODE GT 0 THEN GOTO ACF0710_END
 
ISREDIT (STAT) = XSTATUS .ZCSR
 
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0710
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE .ZCSR
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the REFRESH +
    attribute is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0710
 
 
ACF0710_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP with the REFRESH attribute +
    is &LP.are&RP assigned to an ISSO.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with the REFRESH attribute is &LP.are&RP +
    assigned to an ISSO.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0720
SET DETAIL_SW = 0
SET CURLINE = 0
SYSCALL DIALOG_RTN EMERAUDT
 
ISREDIT FIND " SUSPEND " ALL &CC &DW
ISREDIT CURSOR = 1 0
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0720: +
SET RETURN_CODE = 0
 
ISREDIT SEEK " REFRESH " &CC &DW
 
IF &RETURN_CODE GT 0 THEN GOTO ACF0720_END
 
ISREDIT (STAT) = XSTATUS .ZCSR
 
IF &STR(&STAT) EQ &STR(NX) THEN GOTO ACF0720
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE .ZCSR
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the REFRESH +
    attribute is &LP.are&RP not in SUSPEND status:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0720
 
 
ACF0720_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP with the REFRESH attribute +
    is &LP.are&RP in SUSPEND status.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with the REFRESH attribute is &LP.are&RP +
    in SUSPEND status unless in actual use.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0750
SET DETAIL_SW = 0
SET CURLINE = 0
SET GROUP = &STR(SECAAUDT SECBAUDT EMERAUDT)
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&GROUP))
  SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP))
  SYSCALL DIALOG_RTN &ATTR
  SET A = &B + 2
  END
 
ISREDIT CURSOR = 1 0
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0750: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0750_END
 
ISREDIT (STAT) = XSTATUS &CURLINE
 
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0750
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
IF &SYSINDEX(&STR( ACCOUNT ),&NRSTR(&DATA ),&CC) EQ 0 AND +
   &SYSINDEX(&STR( LEADER ),&NRSTR(&DATA ),&CC) EQ 0 AND +
   &SYSINDEX(&STR( SECURITY ),&NRSTR(&DATA ),&CC) EQ 0 THEN +
  GOTO ACF0750
 
IF &SYSINDEX(&STR( SCPLIST&LP),&NRSTR(&DATA ),&CC) GT 0 THEN +
  GOTO ACF0750
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following logonid&LP.s&RP with special +
    attributes is &LP.are&RP not scoped:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0750
 
 
ACF0750_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP with special attributes is +
    &LP.are&RP scoped.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with special attributes is &LP.are&RP +
    scoped.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0760
SET DETAIL_SW = 0
SET CURLINE = 0
SET VALTBL = &STR(SECURITY RSRCVLD RULEVLD)
SET TESTTBL = &STR(RSRCVLD RULEVLD)
 
ISREDIT EXCLUDE " SECURITY " ALL &CC &DW
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0760: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0760_END
 
ISREDIT (STAT) = XSTATUS &CURLINE
 
IF &STR(&STAT) EQ &STR(NX) THEN GOTO ACF0760
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&VALTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&VALTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&VALTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    END
  ELSE +
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) &STR(NO&ATTR)
  SET A = &B + 2
  END
 
SET CNT     = &CNT + 1
 
SET A = 1
SET ERROR   = 0
DO WHILE &A LT &LENGTH(&STR(&TESTTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DETAIL_LINE))
  SET E = &LENGTH(&NRSTR(&DETAIL_LINE ))
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DETAIL_LINE),&C+1) + 1
    SET DETAIL_LINE = &SUBSTR(1:&C,&NRSTR(&DETAIL_LINE))+
      &SUBSTR(&D:&E,&NRSTR(&DETAIL_LINE  ))
    END
  ELSE +
    SET ERROR = &ERROR + 1
  SET A = &B + 2
  END
 
IF &ERROR EQ 0 THEN GOTO ACF0760
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following logonid&LP.s&RP with the SECURITY +
    attribute does &LP.do&RP not have the RULEVLD and/or RSRCVLD +
    attributes specified:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0760
 
 
ACF0760_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP with the SECURITY attribute +
    have the RULEVLD and RSRCVLD attributes specified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with the SECURITY attribute have the RULEVLD +
    and RSRCVLD attributes specified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0770
SET DETAIL_SW = 0
SET CURLINE = 0
SYSCALL DIALOG_RTN SECAAUDT
 
ISREDIT CURSOR = 1 0
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0770: +
SET RETURN_CODE = 0
 
ISREDIT SEEK " ACCTPRIV " &CC &DW
 
IF &RETURN_CODE GT 0 THEN GOTO ACF0770_END
 
ISREDIT (STAT) = XSTATUS .ZCSR
 
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0770
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE .ZCSR
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the ACCTPRIV +
    attribute is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0770
 
 
ACF0770_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP with the ACCTPRIV attribute +
    is &LP.are&RP assigned to an ISSO.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with the ACCTPRIV attribute is &LP.are&RP +
    assigned to an ISSO.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0780
SET DETAIL_SW = 0
SET CURLINE = 0
SET GROUP = &STR(SECAAUDT AUDTAUDT)
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&GROUP))
  SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP))
  SYSCALL DIALOG_RTN &ATTR
  SET A = &B + 2
  END
 
ISREDIT CURSOR = 1 0
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0780: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0780_END
 
ISREDIT (STAT) = XSTATUS &CURLINE
 
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0780
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
IF &SYSINDEX(&STR( AUDIT ),&NRSTR(&DATA ),&CC) EQ 0 AND +
   &SYSINDEX(&STR( CONSULT ),&NRSTR(&DATA ),&CC) EQ 0 THEN +
  GOTO ACF0780
 
IF &SYSINDEX(&STR( SCPLIST&LP),&NRSTR(&DATA ),&CC) GT 0 THEN +
  GOTO ACF0780
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following logonid&LP.s&RP with the AUDIT +
    and/or CONSULT attributes is &LP.are&RP not scoped:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0780
 
 
ACF0780_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP with the AUDIT and/or CONSULT +
    attributes is &LP.are&RP scoped.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Ensure that all +
    logonid&LP.s&RP with the AUDIT and/or CONSULT attributes is +
    &LP.are&RP scoped.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0800
SET DETAIL_SW = 0
SET CURLINE = 0
SET TESTTBL = &STR(TAPE-LBL TAPE-BLP)
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
 
SET GROUP = &STR(SYSPAUDT OPERAUDT)
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&GROUP))
  SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP))
  SYSCALL DIALOG_RTN &ATTR
  SET A = &B + 2
  END
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0800: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0800_END
 
ISREDIT (STAT) = XSTATUS &CURLINE
 
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0800
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
SET ERROR   = 0
DO WHILE &A LT &LENGTH(&STR(&TESTTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    SET ERROR = &ERROR + 1
    END
  SET A = &B + 2
  END
 
SET CNT     = &CNT + 1
 
IF &ERROR EQ 0 THEN GOTO ACF0800
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the +
    TAPE-LBL and/or TAPE-BLP privileges is &LP.are&RP +
    inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0800
 
 
ACF0800_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP that contain TAPE-LBL and/or +
    TAPE-BLP attribute are justified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: That TAPE-LBL and/or +
    TAPE-BLP attribute may be limited to systems programmer and +
    operations personnel.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0820
SET DETAIL_SW = 0
SET CURLINE = 0
SET TESTTBL = &STR(CONSOLE)
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0820: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0820_END
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
SET ERROR   = 0
DO WHILE &A LT &LENGTH(&STR(&TESTTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    SET ERROR = &ERROR + 1
    END
  SET A = &B + 2
  END
 
SET CNT     = &CNT + 1
 
IF &ERROR EQ 0 THEN GOTO ACF0820
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the +
    CONSOLE privilege is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0820
 
 
ACF0820_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP that contain CONSOLE +
    attribute are justified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Access to the CONSOLE +
    attribute is kept to a minimum and is controlled and +
    documented.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0830
SET DETAIL_SW = 0
SET CURLINE = 0
SET TESTTBL = &STR(ALLCMDS)
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0830: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0830_END
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
SET ERROR   = 0
DO WHILE &A LT &LENGTH(&STR(&TESTTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    SET ERROR = &ERROR + 1
    END
  SET A = &B + 2
  END
 
SET CNT     = &CNT + 1
 
IF &ERROR EQ 0 THEN GOTO ACF0830
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the +
    ALLCMDS privilege is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0830
 
 
ACF0830_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP that contain ALLCMDS +
    attribute are justified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Access to the ALLCMDS +
    attribute is kept to a minimum and is controlled and +
    documented.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0840
SET DETAIL_SW = 0
SET CURLINE = 0
SET TESTTBL = &STR(PPGM)
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
 
SET GROUP = &STR(SYSPAUDT OPERAUDT)
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&GROUP))
  SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP))
  SYSCALL DIALOG_RTN &ATTR
  SET A = &B + 2
  END
 
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0840: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0840_END
 
ISREDIT (STAT) = XSTATUS &CURLINE
 
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0840
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
SET ERROR   = 0
DO WHILE &A LT &LENGTH(&STR(&TESTTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    SET ERROR = &ERROR + 1
    END
  SET A = &B + 2
  END
 
SET CNT     = &CNT + 1
 
IF &ERROR EQ 0 THEN GOTO ACF0840
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the +
    PPGM privilege is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0840
 
 
ACF0840_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP that contain PPGM +
    attribute are justified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Access to the PPGM +
    attribute is kept to a minimum and is controlled and +
    documented.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
SET PDIMBR = ACF0850
SET DETAIL_SW = 0
SET CURLINE = 0
SET TESTTBL = &STR(OPERATOR)
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
 
SET GROUP = &STR(SYSPAUDT OPERAUDT SECAAUDT)
 
SET A = 1
DO WHILE &A LT &LENGTH(&STR(&GROUP))
  SET B = &SYSINDEX(&STR( ),&STR(&GROUP ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&GROUP))
  SYSCALL DIALOG_RTN &ATTR
  SET A = &B + 2
  END
 
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
ACF0850: +
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO ACF0850_END
 
ISREDIT (STAT) = XSTATUS &CURLINE
 
IF &STR(&STAT) EQ &STR(X) THEN GOTO ACF0850
 
SET RETURN_CODE = 0
 
ISREDIT (DATA) = LINE &CURLINE
 
SET DETAIL_LINE = &SUBSTR(1:29,&NRSTR(&DATA))
 
SET A = 1
SET ERROR   = 0
DO WHILE &A LT &LENGTH(&STR(&TESTTBL))
  SET B = &SYSINDEX(&STR( ),&STR(&TESTTBL ),&A) - 1
  SET ATTR = &SUBSTR(&A:&B,&STR(&TESTTBL))
  SET C = &SYSINDEX(&STR( &ATTR),&NRSTR(&DATA),&CC) + 1
  IF &C GT 1 THEN DO
    SET D = &SYSINDEX(&STR( ),&NRSTR(&DATA),&C) - 1
    SET DETAIL_LINE = &NRSTR(&DETAIL_LINE) +
      &SUBSTR(&C:&D,&NRSTR(&DATA))
    SET ERROR = &ERROR + 1
    END
  SET A = &B + 2
  END
 
SET CNT     = &CNT + 1
 
IF &ERROR EQ 0 THEN GOTO ACF0850
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(The following authorization&LP.s&RP to the +
    OPERATOR privilege is &LP.are&RP inappropriate:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET DETAIL_SW = &DETAIL_SW + 1
  END
 
 
SET AC = &STR(     &DETAIL_LINE)
 
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO ACF0850
 
 
ACF0850_END: +
SET RETURN_CODE = 0
 
IF &DETAIL_SW EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All logonid&LP.s&RP that contain OPERATOR +
    attribute are justified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Access to the OPERATOR +
    attribute is kept to a minimum and is controlled and +
    documented.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
 
/* *************************************** */
/* END of program                          */
/* *************************************** */
 
 
END_EXIT: +
SET RETURN_CODE = 0
 
ERR_EXIT: +
IF &MAXCC GE 16 OR +
   &RETURN_CODE GT 0 THEN DO
  ISPEXEC VGET (ZISPFRC) SHARED
  IF &MAXCC GT &ZISPFRC THEN +
    SET ZISPFRC = &MAXCC
  ELSE +
    SET ZISPFRC = &RETURN_CODE
  ISPEXEC VPUT (ZISPFRC) SHARED
  WRITE &PGMNAME ZISPFRC = &ZISPFRC
  END
 
SET AM527RC = &RETURN_CODE
 
ISPEXEC VPUT ( +
  AM527VG      +
  AM527RC      +
  ) ASIS
 
ISREDIT CANCEL
 
EXIT CODE(0)
/*ISREDIT MEND
 
 
/* *************************************** */
/*  SYSCALL SUBROUTINES                    */
/* *************************************** */
 
ADD_MEMBER: PROC 0
 
IF &PDIMBR EQ &STR( ) THEN +
  RETURN CODE(0)
SET ZEDSMSG = FINISHED
SET ZEDLMSG = &STR(Finished processing &PDIMBR.)
ISPEXEC LOG MSG(ISRZ000)
 
SET RETURN_CODE = 0
 
ISPEXEC LMMADD DATAID(&PDIID) MEMBER(&PDIMBR)
 
IF &RETURN_CODE EQ 4 THEN DO          /* MEMBER ALREADY EXISTS
  SET RETURN_CODE = 0
 
  ISPEXEC LMMREP DATAID(&PDIID) MEMBER(&PDIMBR)
 
  IF &RETURN_CODE NE 0 THEN DO
    WRITE &PGMNAME LMMREP_PDI_RCODE = &RETURN_CODE &PDIMBR  &ZERRSM
    END
  END
ELSE DO
  IF &RETURN_CODE NE 0 THEN +
    WRITE &PGMNAME LMMADD_PDI_RCODE = &RETURN_CODE &PDIMBR  &ZERRSM
  END
 
ISREDIT RESET
ISREDIT DELETE ALL NX
SET RETURN_CODE = 0
ISREDIT COPY '&DSNAME' AFTER .ZF
 
END
 
 
DIALOG_RTN: PROC 1 AUMBR
 
SET RETURN_CODE = 0
 
ISPEXEC LMMFIND DATAID(&DIALOG) MEMBER(&AUMBR)
 
SET LMMFIND_DIALOG_RC = &RETURN_CODE
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME Authorized user list &AUMBR not found.
  RETURN
  END
 
GET_NEXT_USR: +
SET RETURN_CODE = 0
 
ISPEXEC LMGET DATAID(&DIALOG) MODE(INVAR) DATALOC(URECORD) +
  MAXLEN(80) DATALEN(LRECL)
 
SET LMGET_DIALOG_RC = &RETURN_CODE
IF &RETURN_CODE EQ 8 THEN DO           /* END OF MEMBER */
   SET LMGET_DIALOG_RC = 0             /* SET RETURN CODE TO 0 */
   RETURN
   END
IF &RETURN_CODE GT 4 THEN DO
  WRITE &PGMNAME LMGET  DIALOG  RC = &RETURN_CODE  &ZERRSM
  SET RETURN_CODE = &RETURN_CODE + 16
  RETURN
  END
 
IF &SUBSTR(1,&NRSTR(&URECORD)) EQ &STR(*) OR   +
   &SUBSTR(1,&NRSTR(&URECORD)) EQ &STR( ) THEN +
  GOTO GET_NEXT_USR
 
SET USR = &SUBSTR(1:8,&NRSTR(&URECORD))
 
ISREDIT EXCLUDE ALL '&USR' 1
 
GOTO GET_NEXT_USR
 
/*  ---------------   */
 
END
 
 
GET_MAINT: PROC 2 P1 P2
SET RETURN_CODE = 0
SET LP = &STR((
SET RP = )
 
/*SYSREF &P1
SYSREF &P2
 
SET &SYSOUTTRAP = 999999999
 
IF &P1 EQ &STR(LID) THEN DO
  DATA
  ACF
  SHOW PGMS
  ENDDATA
 
  SET A = &SYSOUTLINE
  SET SW = 0
  DO X = 1 TO &A
    SET DATA = &&SYSOUTLINE&X
    SET DATA = &STR(&DATA)
    IF &SW GT 0 THEN DO
      IF &STR(&DATA) EQ &STR( ) THEN +
        SET X = &A
      ELSE DO
        SET LID = &SUBSTR(1:8,&STR(&DATA))
        IF &SYSINDEX(&STR(#&LID),&STR(&P2)) EQ 0 THEN +
          SET P2 = &STR(&P2.#&LID)
        END
      END
    IF &SYSINDEX(&STR(-- MAINTENANCE LOGONIDS),&STR(&DATA)) GT 0 THEN +
      SET SW = 1
    END
  END
ELSE DO
  DATA
  ACF
  SET CONTROL(GSO)
  LIST LIKE(MAINT-)
  ENDDATA
 
  SET A = &SYSOUTLINE
  SET SW = 0
  DO X = 1 TO &A
    SET DATA = &&SYSOUTLINE&X
    SET DATA = &STR(&DATA)
    IF &SW GT 0 THEN DO
      IF &STR(&DATA) EQ &STR( ) THEN +
        SET X = &A
      ELSE +
        SET P2 = &STR(&P2 @&DATA)
      END
    IF &SYSINDEX(&STR(LID&LP&P1&RP),&STR(&DATA)) GT 0 THEN DO
      SET M1 = &X - 1
      SET MDATA = &&SYSOUTLINE&M1
      SET MDATA = &STR(&MDATA)
      SET P2 = &STR(&MDATA @&DATA)
      SET SW = 1
      END
    END
  DATA
  SET SYSID(****)
  LIST LIKE(MAINT-)
  ENDDATA
 
  SET A = &SYSOUTLINE
  SET SW = 0
  DO X = 1 TO &A
    SET DATA = &&SYSOUTLINE&X
    SET DATA = &STR(&DATA)
    IF &SW GT 0 THEN DO
      IF &STR(&DATA) EQ &STR( ) THEN +
        SET X = &A
      ELSE +
        SET P2 = &STR(&P2 @&DATA)
      END
    IF &SYSINDEX(&STR(LID&LP&P1&RP),&STR(&DATA)) GT 0 THEN DO
      SET M1 = &X - 1
      SET MDATA = &&SYSOUTLINE&M1
      SET MDATA = &STR(&MDATA)
      P1 = &STR(&MDATA @&DATA)
      SET SW = 1
      END
    END
  END
 
QUIT
 
SET RETURN_CODE = 0
RETURN
/*  ---------------   */
 
END
