/* REXX */
/* CLS2REXXed by UMLA01S on 20 Oct 2025 at 13:44:53  */
/*trace r?*/
Signal On NoValue
Call On Error
Signal On Failure
Signal On Syntax
Parse source opsys . exec_name .
Address ISREDIT
 
"MACRO"             /* CATM000A EDIT PDI(*)  */
/*********************************************************************/
/* 04/20/2004 JL Nelson Changed to display No Finding text.          */
/* 06/18/2004 JL Nelson ADDED EXIT CODE.                             */
/* 07/15/2004 JL Nelson Changed DISA Standard to STIG requirement.   */
/* 12/15/2004 JL Nelson Changed TSS0620, TSS0650, STIG incorrect.    */
/* 02/09/2005 JL Nelson Changed constants to variables before        */
/*            rename.                                                */
/* 04/13/2005 JL Nelson Added AUTOERASE(ALL) check.                  */
/* 06/08/2005 JL Nelson Pass MAXCC in ZISPFRC variable.              */
/* 06/14/2005 JL Nelson Changed STIG requirement to DISA             */
/*            recommendation.                                        */
/* 06/14/2005 JL Nelson Changed default logic.                       */
/* 06/14/2005 JL Nelson Supress DISA recommendation for FSO.         */
/* 06/14/2005 JL Nelson Supress TEXT not found for FSO.              */
/* 03/15/2006 JL Nelson Made changes to avoid SUBSTR abend 920/932.  */
/* 03/21/2006 JL Nelson Use NRSTR avoid abend 900 if ampersand in    */
/*            data.                                                  */
/* 05/09/2006 JL Nelson Avoid RC 20 on ISREDIT LINE when " or ' in   */
/*            data.                                                  */
/* 09/27/2006 CL Fenton Chg to use ACPVERS over VERSION variable.    */
/* 09/27/2006 CL Fenton Chg TSS0270 for Manual review on             */
/*            Unclassified and Not a Finding for YES|ALL settings.   */
/* 09/27/2006 CL Fenton Added test for ZUSST052, split from          */
/*            ZUSST050.  Chg ZUSST050 when nothing is specified for  */
/*            both fields, Not a Finding else Manual review.         */
/* 06/28/2007 CL Fenton Changed test for TSS0450 to Not Applicable   */
/*            when ACPVERS is 9.0 or greater.                        */
/* 07/09/2007 CL Fenton Resolved several rc 20 error on ISREDIT      */
/*            cmds.  Changed evaluation of TSS0270 and ZUSST050 to   */
/*            review CLASS.                                          */
/* 08/07/2007 CL Fenton Changed characters that identify breaks to   */
/*            Non-national or special characters that could appear   */
/*            in PASSCHAR control option.  Added additional analysis */
/*            on NEWPW adding SC and PASSCHAR checks.  Started with  */
/*            version 9.0.  in PASSCHAR control option.  Added       */
/*            analysis for ZUSST060, to review HFSSEC resource class */
/*            in the RDT.                                            */
/* 10/15/2007 CL Fenton Changed &STR to &NRSTR to allow use of & in  */
/*            PASSCHAR.                                              */
/* 05/05/2008 CL Fenton Changed evaluation of ACPVERS to execute     */
/*            CACC1000 ACPCOMP to compare ACPVERS with var.          */
/* 05/05/2008 CL Fenton Changed ACPVERS evaluation removing 8.0 and  */
/*            below checks.                                          */
/* 05/12/2009 CL Fenton Changed TSS0450 evaluation of 9.0 not        */
/*            applicable.  Removed ACPVERS checking.                 */
/* 10/09/2009 CL Fenton Added analysis of TSS0460 to be consistant   */
/*            with the VMS check.                                    */
/* 03/15/2011 CL Fenton Chgd TSS0400 test from 35 to 30 days.        */
/* 05/25/2011 CL Fenton Reverted TSS0400 test from 30 to 35 days.    */
/* 03/08/2013 CL Fenton Added TSS0660, TSS0670, TSS0680, and TSS0690 */
/*            to evaluate NEWPHRASE, PPSCHAR, NPPTHRESH, PPEXP, and  */
/*            PPHIST Control option settings, CSD-AR003262504.       */
/* 05/28/2013 CL Fenton Corrected TSS0660 rc=852 error, STS-002990.  */
/*            Also made cosmetic changes to this PDI.                */
/* 07/17/2013 CL Fenton Corrected NEWPHRASE tests for MA and MN to   */
/*            specify GE, STS-003491.                                */
/* 09/24/2013 CL Fenton Chgd requirements for TSS0270, STS-003180.   */
/* 12/10/2014 CL Fenton Added ZUSST052 to evaluate CHOWNURS with TSS */
/*            V15 RO6374 PTF remove CHOWNURS control option,         */
/*            STS-006695.                                            */
/* 01/30/2015 CL Fenton Chgd TSS0660 to evaluate MIN=15 for          */
/*            NEWPHRASE, STS-008965.                                 */
/* 02/04/2015 CL Fenton Chgd TSS0480 to check for special            */
/*            characters, STS-004529.                                */
/* 02/04/2015 CL Fenton Chgd TSS0660 to check for special characters */
/*            and removed ID and NR= requirements, STS-008965.       */
/* 08/24/2016 CL Fenton Chgd TSS0400 to INACTIVE(0), STS-015248.     */
/* 07/18/2017 CL Fenton Chgd ZUSST050 to check for setting of        */
/*            UNIQUSER is OFF, STS-017961.                           */
/* 11/15/2017 CL Fenton Added TSS0485 to check the setting of AESENC */
/*            for the value of 128 or 256, STS-018642.               */
/* 05/23/2018 CL Fenton Added "Not Reviewed" to TSS0270 when         */
/*            AUTOERASE is not ALL, TSS0460 when MODE(IMPL) is       */
/*            specified, ZUSST050 when system classification is      */
/*            classified or not defined and UNIQUSER is not OFF,     */
/*            TSS0330, and TSS0420 for vuls that require additional  */
/*            analysis, STS-019713.                                  */
/* 02/20/2019 CL Fenton Chgd TSS0480 and TSS0660 evaluation that all */
/*            special characters be specified in PASSCHAR and        */
/*            PPSCHAR, STS-021085.                                   */
/* 10/20/2025 CL Fenton Converted script from CLIST to REXX.         */
/* 11/07/2025 CL Fenton Chgs to add new automation for IBM zSecure   */
/*            Suite, SCTASKU0461677.                                 */
/*                                                                   */
/*                                                                   */
/*                                                                   */
/*********************************************************************/
pgmname = "CATM000A 11/07/25"
sysprompt = "OFF"                       /* CONTROL NOPROMPT          */
sysflush = "OFF"                        /* CONTROL NOFLUSH           */
sysasis = "ON"                          /* CONTROL ASIS - caps off   */
return_code = 0
maxcc = 0
 
/*******************************************/
/* This EDIT MACRO provides the finding    */
/* details from TSS MODIFY(ST) command.    */
/*******************************************/
/* VARIABLES ARE PASSED TO THIS MACRO      */
/* CONSLIST                                */
/* COMLIST                                 */
/* SYMLIST                                 */
/* TERMMSGS                                */
/*******************************************/
Address ISPEXEC "CONTROL NONDISPL ENTER"
Address ISPEXEC "CONTROL ERRORS RETURN"
return_code = 0
Address ISPEXEC "VGET (CONSLIST COMLIST SYMLIST TERMMSGS ACPVERS",
  "FINDRC PDITEXT DISATXT FINDTXT8 TYPERUN) ASIS"
tm0avget = return_code
If return_code <> 0 then do
  Say pgmname "VGET_RC =" return_code zerrsm
  Say pgmname "CONSLIST/"conslist "COMLIST/"comlist "SYMLIST/"symlist,
    "TERMMSGS/"termmsgs
  Say pgmname "ACPVERS/"acpvers "FINDRC/"findrc "PDITEXT/"pditext,
    "DISATXT/"disatxt "FINDTXT8/"findtxt8 "TYPERUN/"typerun
  return_code = return_code + 16
  SIGNAL ERR_EXIT
  End
 
return_code = 0
"(PDINUM) = MEMBER"
/*say pgmname "PDINUM:"pdinum "FINDRC:"findrc "PDITEXT:"pditext
  say pgmname "DISATXT:"disatxt "FINDTXT8:"findtxt8 "TYPERUN:"typerun*/
/*******************************************/
/* TURN ON MESSAGES                        */
/*******************************************/
 
syssymlist = symlist                    /* CONTROL SYMLIST/NOSYMLIST */
sysconlist = conslist                   /* CONTROL CONLIST/NOCONLIST */
syslist = comlist                       /* CONTROL LIST/NOLIST       */
sysmsg = termmsgs                       /* CONTROL MSG/NOMSG         */
 
/*******************************************/
/* MAIN PROCESS                            */
/*******************************************/
 
lp = "("
rp = ")"
row = 0
return_code = 0
spc = "          "
"CAPS = OFF"
"STATS = OFF"
"(ROW) = LINENUM .ZLAST"
If row > 0 then,
  "DELETE .ZFIRST .ZLAST"
xf = pos("~",pditext) + 1
xl = pos("<",pditext,xf) - 1
 
Select
  when xf              = 1 then Call NOT_FOUND
  when left(pditext,1) = 1 then Call ADDITIONAL_CHK
  when left(pditext,1) = 2 then Call CHECK_RDT
  when findrc          = 0 then Call NOT_A_FINDING
  otherwise                     Call A_FINDING
End
 
 
END_EDIT:
return_code = 0
 
 
ERR_EXIT:
If maxcc >= 16 | return_code > 0 then do
  Address ISPEXEC "VGET (ZISPFRC) SHARED"
  If maxcc > zispfrc then,
    zispfrc = maxcc
  Else,
    zispfrc = return_code
  Address ISPEXEC "VPUT (ZISPFRC) SHARED"
  Say pgmname "ZISPFRC =" zispfrc
  End
tm00arc = return_code
Address ISPEXEC "VPUT (TM0AVGET TM00ARC) ASIS"
"SAVE"
"END"
Exit 0
 
 
ADDITIONAL_CHK:
return_code = 0
"(PDINUM) = MEMBER"
If pdinum = "TSS0249" |,
   pdinum = "TSS0340" |,
   pdinum = "TSS0370" |,
   pdinum = "TSS0510" |,
   pdinum = "TSS0520" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else,
    If findrc = 0 then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
  end
 
 
BYPASS_TSS0249:
If pdinum = "TSS0260" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
/****************************************************/
/* TEST FINDRC WHEN CONTROL OPTION HAS 2 POSSIBLE   */
/* VALUES AVAILABLE.                                */
/****************************************************/
    o1 = pos("OVERRIDE",pditext)
    o2 = pos("MERGE",pditext)
    o3 = pos("ALLOVER",pditext)
    If (o1 > 0 | o2 > 0) & o3 > 0 then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
    end
  end
 
 
BYPASS_TSS0260:
If pdinum = "TSS0360" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    parse var pditext . "(" down ")" .
    bw = pos("BW",down)
    sb = pos("SB",down)
    tn = pos("TN",down)
    tw = pos("TW",down)
    ow = pos("OW",down)
    If (bw > 0) & (sb > 0) & (tn > 0 | tw > 0) & (ow > 0) then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
    end
  end
 
 
BYPASS_TSS0360:
If pdinum = "TSS0440" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    parse var pditext . "(" log ")" .
    init = pos("INIT",log)
    sec9 = pos("SEC9",log)
    smf = pos("SMF",log)
    msg = pos("MSG",log)
    If (init > 0) & (sec9 > 0) & (smf > 0) & (msg > 0) then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
    end
  end
 
 
BYPASS_TSS0440:
If pdinum = "TSS0270" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    Address ISPEXEC "VGET (CLASS) ASIS"
    parse var pditext . "(" opt ")" .
    ey = pos("YES",opt)
    en = pos("NO",opt)
    ea = pos("ALL",opt)
    e3 = ey + en + ea
    If e3 = 0 then,
      Call A_FINDING
    If ea > 0 then,
      Call NOT_A_FINDING
    Else do
      ac = "Not Reviewed"
      "LINE_AFTER .ZLAST = (AC)"
      Call A_FINDING
      end
    end
  end
 
 
BYPASS_TSS0270:
If pdinum = "TSS0320" |,
   pdinum = "TSS0420" |,
   pdinum = "TSS0590" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else,
    If findrc = 0 then,
      Call NOT_A_FINDING
    Else do
      If pdinum <> "TSS0420" then do
        ac = "Not Reviewed"
        "LINE_AFTER .ZLAST = DATALINE (AC)"
        End
      Call A_FINDING
      end
  end
 
 
BYPASS_TSS0320:
If pdinum = "TSS0330" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else,
    If pos("DIAGTRAP ENTRIES: ON = 00",pditext) > 0 then,
      Call NOT_A_FINDING
    Else do
      ac = "Not Reviewed"
      "LINE_AFTER .ZLAST = DATALINE (AC)"
      Call A_FINDING
      end
  end
 
 
BYPASS_TSS0370:
If pdinum = "TSS0390" |,
   pdinum = "TSS0400" |,
   pdinum = "TSS0500" |,
   pdinum = "TSS0540" |,
   pdinum = "TSS0550" |,
   pdinum = "TSS0560" |,
   pdinum = "TSS0650" |,
   pdinum = "TSS0670" |,
   pdinum = "TSS0680" |,
   pdinum = "TSS0690" then do
/****************************************************/
/* TEST FOR FINDINGS WITH NUMERIC VALUE RANGES      */
/****************************************************/
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    parse var pditext . "(" fld ")" .
    If (pdinum = "TSS0390" & (fld >= 1 & fld <= 3)) |,
       (pdinum = "TSS0400" & fld = 0) |,
       (pdinum = "TSS0500" & fld = 2) |,
       (pdinum = "TSS0670" & fld = 2) |,
       (pdinum = "TSS0540" & (fld >= 1 & fld <= 2)) |,
       (pdinum = "TSS0550" & (fld >= 1 & fld <= 60)) |,
       (pdinum = "TSS0680" & (fld >= 1 & fld <= 60)) |,
       (pdinum = "TSS0560" & (fld >= 10 & fld <= 64)) |,
       (pdinum = "TSS0690" & (fld >= 10 & fld <= 64)) |,
       (pdinum = "TSS0650" & (fld >= 1 & fld <= 30)) then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
    end
  end
 
 
BYPASS_TSS0390:
If pdinum = "TSS0460" then do
  If findrc = 0 then,
    Call NOT_A_FINDING
  Else do
    If pos("IMPL",pditext) > 1 then do
      ac = "Not Reviewed"
      "LINE_AFTER .ZLAST = DATALINE (AC)"
      End
    Call A_FINDING
    end
  end
 
 
BYPASS_TSS0460:
If pdinum = "TSS0480" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    parse var pditext . "MIN=" min "," .
    parse var pditext . "WARN=" warn "," .
    parse var pditext . "MINDAYS=" mindays "," .
    parse var pditext . "NR=" nr "," .
    id = pos(",ID",pditext)
    ts = pos(",TS",pditext)
    rs = pos(",RS",pditext)
    sc = pos(",SC",pditext)
    sw = pos(",SW",pditext)
    fa = pos(",FA",pditext)
    fn = pos(",FN",pditext)
    mc = pos(",MC",pditext)
    lc = pos(",LC",pditext)
    uc = pos(",UC",pditext)
    /* PASSCHAR tests */
    passchar = pos("PASSCHAR(",pditext)
    parse var pditext . "PASSCHAR(" pwchar ")" .
    pwchar = pwchar","
    mpwchar = ""
    tpasschar = "@,#,$,&,*,^,:,=,!,-,%,.,?,_,|,"
    Do X = 1 to length(tpasschar) by 2
      t = substr(tpasschar,x,2)
      If pos(t,pwchar) = 0 then,
        mpwchar = mpwchar""t
      End
    If length(mpwchar) > 1 then do
      mpwchar = strip(mpwchar,"T",",")
      End
/*  Say pgmname "PWCHAR:<"pwchar"> TPASSCHAR:<"tpasschar">",
      "MPWCHAR:<"mpwchar">"*/
    If passchar = 0 then do
      pditext = pditext"~ PASSCHAR()<"
      passchar = pos("PASSCHAR(",pditext)
      xl = pos("<",pditext,xf) - 1
      End
    Else do
      y = pos(rp,pditext,passchar) + 1
      parse var pditext . =(passchar) pchr =(y) .
      end
    at = pos("@",pditext,passchar)
    lb = pos("#",pditext,passchar)
    dl = pos("$",pditext,passchar)
    If min  = 8       &,
       warn >= 1      &,
       warn <= 10     &,
       mindays = 1    &,
       nr = 0         &,
       id > 0         &,
       ts > 0         &,
       rs > 0         &,
       fa > 0         &,
       fn > 0         &,
       mc > 0         &,
       lc > 0         &,
       uc > 0         &,
       sc > 0         &,
       passchar > 0   &,
       length(mpwchar) = 0 then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
    end
  end
 
 
BYPASS_TSS0480:
If pdinum = "TSS0485" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else,
    If pos("(128)",pditext) > 0 |,
       pos("(256)",pditext) > 0 then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
  end
 
 
BYPASS_TSS0485:
If pdinum = "TSS0505" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
/****************************************************/
/* ADDITIONAL TESTS FOR TSS0505 (OPTIONALS).  OTHER */
/* FINDING SENT TO BYPASS_TSS0505.                  */
/****************************************************/
    parse var pditext . "(" fld ")" .
    fld = fld","
    If pos("004,",fld) > 0 then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
    end
  end
 
 
BYPASS_TSS0505:
If pdinum = "TSS0580" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    parse var pditext . "(" min ")" .
    If pos("%",min) > 0 then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
    end
  end
 
 
BYPASS_TSS0580:
If pdinum = "TSS0660" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    parse var pditext . "NEWPHRASE(" newphrase ")" .
    s1 = pos("NEWPHRASE(",pditext)
    If s1 = 0 then,
      newphrase = "MA=0,MN=0,MAX=100,MIN=9,MINDAYS=0,NR=0,SC=0,WARN=3"
    newphrase = newphrase","
    ma = 0
    parse var newphrase . "MA=" ma "," .
    mn = 0
    parse var newphrase . "MN=" mn "," .
    max = 100
    parse var newphrase . "MAX=" max "," .
    min = 9
    parse var newphrase . "MIN=" min "," .
    mindays = 0
    parse var newphrase . "MINDAYS=" mindays "," .
    nr = 0
    parse var newphrase . "NR=" nr "," .
    sc = 0
    parse var newphrase . "SC=" sc "," .
    warn = 3
    parse var newphrase . "WARN=" warn "," .
    id = pos("ID,",newphrase)
    /* PPSCHAR tests */
    ppschar = pos("PPSCHAR(",pditext)
    parse var pditext . "PPSCHAR(" pwchar ")" .
    pwchar = pwchar","
    mpwchar = ""
    tpasschar = " ,@,#,$,&,*,^,:,=,!,-,%,.,?,_,|,"
    Do X = 1 to length(tpasschar) by 2
      t = substr(tpasschar,x,2)
      If pos(t,pwchar) = 0 then
        mpwchar = mpwchar""t
      End
    If length(mpwchar) > 1 then do
      mpwchar = strip(mpwchar,"T",",")
      End
/*  Say pgmname "PWCHAR:<"pwchar"> TPASSCHAR:<"tpasschar">",
      "MPWCHAR:<"mpwchar">"*/
    If ppschar = 0 then do
      pditext = pditext"~ PPSCHAR()<"
      ppschar = pos("PPSCHAR(",pditext)
      xl = pos("<",pditext,xf) - 1
      End
    Else do
      y = pos(rp,pditext,ppschar) + 1
      parse var pditext . =(ppschar) pchr =(y) .
      end
    at = pos("@",pditext,ppschar)
    lb = pos("#",pditext,ppschar)
    dl = pos("$",pditext,ppschar)
    sp = pos(", ",pditext,ppschar)
    If sp = 0 then,
      sp = pos(" ,",pditext,ppschar)
    ath = pos("7C",pditext,ppschar)
    lbh = pos("7B",pditext,ppschar)
    dlh = pos("5B",pditext,ppschar)
    sph = pos("40",pditext,ppschar)
    If ma      >= 1      &,
       mn      >= 1      &,
       max     =  100    &,
       min     >= 15     &,
       mindays = 1       &,
       sc      >= 1      &,
       warn    >= 1      &,
       warn    <= 10     &,
       ppschar > 0       &,
       length(mpwchar) = 0 then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
    end
  end
 
 
BYPASS_TSS0660:
If pdinum = "TSS0730" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    parse var pditext . "VTHRESH(" vio "," . ")" .
    if vio = "" then vio = 5
    If datatype(vio) <> "NUM" then,
      Call A_FINDING
    not = pos(",NOT",pditext)
    can = pos(",CAN",pditext)
    sus = pos(",SUS",pditext)
  /*If (vio >= 1 & vio <= 10) & not > 0 & can > 0 then, Remove suspend */
    If (vio >= 1 & vio <= 10) & not > 0 & (can > 0 | sus > 0) then,
      Call NOT_A_FINDING
    Else
      Call A_FINDING
    end
  end
 
 
BYPASS_TSS0730:
If pdinum = "ZUSST050" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    Address ISPEXEC "VGET (CLASS) ASIS"
    If class = 2 then do
      Call NOT_APPLICABLE
      Return
      end
    uniquser = ""
    parse var pditext . "UNIQUSER(" uniquser ")" .
    If uniquser = "OFF" then,
      Call NOT_A_FINDING
    Else do
      ac = "Not Reviewed"
      "LINE_AFTER .ZLAST = DATALINE (AC)"
      ac = "The following Control Option value(s) is (are) improperly set:"
      "LINE_AFTER .ZLAST = (AC)"
      ac = " "
      "LINE_AFTER .ZLAST = (AC)"
      ac = "     "uniquser
      "LINE_AFTER .ZLAST = (AC)"
      Call STIG_REQ
      end
    end
  end
 
 
BYPASS_ZUSST050:
If pdinum = "ZUSST060" then do
  If xf = 1 then,
    Call NOT_FOUND
  Else do
    If pos("HFSSEC(OFF)",pditext) > 0 then do
      Call NOT_APPLICABLE
      Return
      end
    x = outtrap("out.")
    cmd = "TSS LIST(RDT) RESCLASS(HFSSEC)"
    Address TSO cmd
    Do x = 1 to out.0
      ab = out.x             /* set variable*/
      If substr(ab,1,12) <> "ACCESSORID =" &,
         ab              <> " " &,
         substr(ab,1,3)  <> "TSS" then do
        ab = "   "ab
        "LINE_AFTER .ZLAST = (AB)"
        End
      End
    "EXCLUDE ALL '=' 21"
    return_code = 0
    Do until return_code > 0
      "FIND ' ' 1 NX FIRST"
      If return_code = 0 then do
        "(ROW) = LINENUM .ZCSR"
        row1 = row - 1
        "(AC1) = LINE" row
        "(AC) = LINE" row1
        ac = strip(ac,"T")
        ac1 = strip(ac1,"B")
        ac = ac""ac1
        "DELETE" row
        "LINE" row1 "= (AC)"
        End
      End
    ac = " "
    "LINE_BEFORE .ZFIRST = (AC)"
    return_code = 0
    "FIND 'DEFPROT' ALL"
    If return_code > 0 then,
      ac = "The HFSSEC resource class is not defined with DEFPROT."
    Else do
      ac = "The HFSSEC resource class has DEFPROT specified."
      "LINE_BEFORE .ZFIRST = (AC)"
      ac = "Not a Finding"
      End
    "LINE_BEFORE .ZFIRST = (AC)"
    ac = " "
    "LINE_AFTER .ZLAST = (AC)"
    Call STIG_REQ
    end
  end
Return
 
 
CHECK_RDT:
a = 0
ndrdt. = ""
return_code = 0
do y = 2 to words(pditext) - 1
  resclass = word(pditext,y)
  x = outtrap("out.")
  cmd = "TSS LIST(RDT) RESCLASS("resclass")"
  Address TSO cmd
  If return_code > 0 then do
    return_code = 0
    a = a + 1
    ndrdt.a = resclass
    end
  Else Do x = 1 to out.0
    ab = out.x             /* set variable*/
/*  If substr(ab,1,12) <> "ACCESSORID =" &,
       ab              <> " " &,
       substr(ab,1,3)  <> "TSS" then do*/
    If substr(ab,1,12) <> "ACCESSORID =" &,
       substr(ab,1,3)  <> "TSS" then do
      ab = "     "ab
      "LINE_AFTER .ZLAST = (AB)"
      "(ROW) = LINENUM .ZLAST"
      If pos("DEFPROT",ab) > 0 then do
        "FIND '                  ' 1 PREV"
        "(LINE,COL) = CURSOR"
        say pgmname line col ".ZLAST" row
        return_code = 0
        "DELETE .ZCSR .ZLAST"
        say pgmname "DELETE" return_code
        leave x
        End
      End
    return_code = 0
    End
  End
"(ROW) = LINENUM .ZLAST"
If row > 0 then do
  ab = "The following resource class(es) is(are) not defined with",
    "DEFPROT."
  "LINE_BEFORE .ZFIRST = (AB)"
  End
If a > 0 then do
  If row > 0 then do
    ab = " "
    "LINE_AFTER .ZLAST = (AB)"
    end
  ab = "The following resource class(es) is(are) not defined to",
    "the RDT record."
  "LINE_AFTER .ZLAST = (AB)"
  ab = " "
  "LINE_AFTER .ZLAST = (AB)"
  Do x = 1 to a
    ab = "     "ndrdt.x
    "LINE_AFTER .ZLAST = (AB)"
    End
  "(ROW) = LINENUM .ZLAST"
  End
If row = 0 then do
  ab = "Not a Finding."
  "LINE_AFTER .ZLAST = (AB)"
  End
Return
 
 
NOT_APPLICABLE:
ac = "Not Applicable"
"LINE_AFTER .ZLAST = (AC)"
"LINE_AFTER .ZLAST = DATALINE ' '"
If pdinum = "ZUSST060" then,
  ac = "     HFSSEC(OFF) is specified."
Else,
  ac = "     Top Secret Version" acpvers
"LINE_AFTER .ZLAST = (AC)"
"LINE_AFTER .ZLAST = DATALINE ' '"
If xf > 0 & xf <= xl then do
  x = pos("~",substr(pditext,1,xl)"~",xf)
  If x = 0 then,
    x = xl + 1
  Do while x > 2
    If substr(pditext,xf,1) = " " then,
      xf = xf + 1
    parse var pditext =(xf) ab =(x) .
    ac = "     "ab
    "LINE_AFTER .ZLAST = DATALINE (AC)"
    xf = x + 1
    x = pos("~",substr(pditext,1,xl)"~",xf)
    End
  End
Call STIG_REQ
Return
 
 
A_FINDING:
ac = "The following Control Option value is improperly set:"
"LINE_AFTER .ZLAST = (AC)"
"LINE_AFTER .ZLAST = DATALINE ' '"
If xf > 0 & xf <= xl then do
  x = pos("~",substr(pditext,1,xl),xf)
  If x = 0 then,
    x = xl + 1
  Do while x > 2
    If substr(pditext,xf,1) = " " then,
      xf = xf + 1
    parse var pditext =(xf) ab =(x) .
    ac = "     "ab
    "LINE_AFTER .ZLAST = DATALINE (AC)"
    xf = x + 1
    x = pos("~",substr(pditext,1,xl)"~",xf)
    End
  End
 
 
STIG_REQ:
return_code = 0
If typerun <> "SRRAUDIT" then,
  Return
"LINE_AFTER .ZLAST = DATALINE ' '"
zf = 1
zl = length(disatxt)
z = pos("~",disatxt)
Do while z > zf
  parse var disatxt . =(zf) fld "~" .
  ac = "DISA recommendation:" fld
  "LINE_AFTER .ZLAST = (AC)"
  zf = z + 1
  z = pos("~",disatxt"~",zf)
  End
If zl > zf then do
  parse var disatxt . =(zf) fld
  ac = "DISA recommendation:" fld
  "LINE_AFTER .ZLAST = (AC)"
  End
Return
 
 
NOT_FOUND:
return_code = 0
ac = "The following Control Option value is improperly set:"
"LINE_AFTER .ZLAST = (AC)"
"LINE_AFTER .ZLAST = DATALINE ' '"
If xf < 4 then
  ac = "     "substr(pditext,2,xl-1)
Else,
  ac = "     "substr(pditext,2,xf-2)
"LINE_AFTER .ZLAST = (AC)"
"LINE_AFTER .ZLAST = DATALINE ' '"
If typerun <> "SRRAUDIT" then,
  Return
z = pos("~",findtxt8)
Do while z > 0
  zl = length(findtxt8)
  If z = 1 then,
    findtxt8 = substr(findtxt8,2,zl)
  Else
    If z+1 < zl then,
      findtxt8 = substr(findtxt8,1,z-1)substr(findtxt8,z+1)
    Else,
      findtxt8 = substr(findtxt8,1,zl-1)
  z = pos("~",findtxt8)
  End
z = pos("'",findtxt8)
Do while z > 0
  zl = length(findtxt8)
  If z = 1 then,
    findtxt8 = substr(findtxt8,2)
  Else,
    If z+1 < zl then,
      findtxt8 = substr(findtxt8,1,z-1)substr(findtxt8,z+1)
    Else,
      findtxt8 = substr(findtxt8,1,z-1)
  z = pos("'",findtxt8)
  End
z = pos(" .ZCSR",findtxt8)
Do while z > 0
  zl = length(findtxt8)
  If z = 1 then,
    findtxt8 = substr(findtxt8,6)
  Else,
    If z+5 < zl then,
      findtxt8 = substr(findtxt8,1,z-1)substr(findtxt8,z+7)
    Else,
      findtxt8 = substr(findtxt8,1,z-1)
  z = pos(" .ZCSR",findtxt8)
  End
z = pos("  ",strip(findtxt8,"T"))
Do while z > 0
  zl = length(findtxt8)
  If z+4 < zl then do
    findtxt8 = substr(findtxt8,1,z-1)substr(findtxt8,z+2)
    z = pos("  ",strip(findtxt8,"T"))
    End
  Else,
    z = 0
  End
ac = "     "strip(findtxt8,"B")" - Text not found"
"LINE_AFTER .ZLAST = (AC)"
"LINE_AFTER .ZLAST = DATALINE ' '"
Call STIG_REQ
Return
 
 
NOT_A_FINDING:
ac = "Not a Finding"
"LINE_AFTER .ZLAST = (AC)"
"LINE_AFTER .ZLAST = DATALINE ' '"
If xf > 0 & xf <= xl then do
  x = pos("~",substr(pditext,1,xl),xf)
  If x = 0 then,
    x = xl + 1
  Do while x > 2
    If substr(pditext,xf,1) = " " then,
      xf = xf + 1
    parse var pditext =(xf) ab =(x) .
    ac = "     "ab
    "LINE_AFTER .ZLAST = DATALINE (AC)"
    xf = x + 1
    x = pos("~",substr(pditext,1,xl)"~",xf)
    End
  End
Return
 
 
NoValue:
Failure:
Syntax:
say pgmname 'REXX error' rc 'in line' sigl':' strip(ERRORTEXT(rc))
say SOURCELINE(sigl)
SIGNAL ERR_EXIT
 
 
Error:
return_code = RC
if RC > 4 & RC <> 8 then do
  say pgmname "LASTCC =" RC strip(zerrlm)
  say pgmname 'REXX error' rc 'in line' sigl':' ERRORTEXT(rc)
  say SOURCELINE(sigl)
  end
if return_code > maxcc then
  maxcc = return_code
return
 
 
