Comprehensive report listing in SPM with ESM compatibility
This topic serves as a centralized reference for all reports available in BMC AMI Security Policy Manager (SPM), organized by the enterprise security manager (ESM) platforms—RACF, CA Top Secret (TSS), and CA ACF2. It is designed to help you determine report availability and platform compatibility. Use this reference to quickly identify whether a specific report is supported and which ESM integration it applies to.
The following table lists the 655 reports in SPM. The columns from left to right indicate the UI navigation path to access a report.
| Menu | Menu group | Menu group item | Report title | RACF | TSS | ACF2 | Number of reports per menu |
| Data Sets | Non-Fully Qualified Generic | APF | APF Data Sets without Fully Qualified Generic Profile | Y | |||
| APF Data Sets without Fully Qualified Permit | Y | ||||||
| APF Data Sets without Fully Qualified Rule | Y | ||||||
| Other | Other Data Sets with Non-Fully Qualified Generic profiles | Y | |||||
| Other Data Sets without Fully Qualified Permit | Y | ||||||
| Other Data Sets without Fully Qualified Rule | Y | ||||||
| Sensitive Data Sets | UACC > None | Sensitive Data Sets with UACC > None | Y | ||||
| ID(*) > None | Sensitive Data Sets with ID(*) > None | Y | |||||
| WARN | Sensitive Data Sets with WARN | Y | |||||
| Uncatalogued | Uncatalogued Sensitive Data Sets | Y | Y | Y | |||
| Inappropriate Audit | Sensitive Data Sets with Inappropriate Audit | Y | |||||
| Level = 99 | Sensitive Data Sets with Level = 99 | Y | |||||
| All | All Sensitive Data Sets | Y | Y | ||||
| With *ALL* Access > None | All sensitive resources with *ALL* ACCESS > None | Y | |||||
| Other datasets With UID(*) Access > None | All sensitive datasets with UID(*) ACCESS > None | Y | |||||
| APF Data Sets | APF datasets With UID(*) Access > None | APF libraries with UID(*) access > None | Y | ||||
| APF libraries with inappropriate logging | APF libraries with Inappropriate Logging - should be WRITE(L) and ALLOC(L) | Y | |||||
| APF libraries with no Rule with UID(*) preventing access | APF libraries with no Rule with UID(*) preventing access | Y | 21 | ||||
| Sensitive Commands | (No title) | z/OS.SETPROG | z/OS.SETPROG Commands | Y | Y | Y | |
| SETROPTS | SETROPTS Commands | Y | |||||
| All z/OS Commands | All z/OS Commands | Y | Y | Y | 7 | ||
| Resources | Missing Permissions | OPERCMD | Missing OPERCMD Permissions | Y | Y | Y | |
| STGADMIN | Missing STGADMIN Permissions | Y | Y | Y | |||
| UNIXPRIV | Missing UNIXPRIV Permissions | Y | Y | Y | |||
| Command Verifier | Missing Command Verifier Profiles | Y | Y | ||||
| Certificate | Missing Certificate Permissions | Y | Y | Y | |||
| Certificates | All Permissions | All Certificate Permissions | Y | Y | |||
| Expiring | Expiring Certificates | Y | Y | Y | |||
| Expired | Expired Certificates | Y | Y | Y | |||
| All | All Certificates | Y | Y | Y | |||
| Misconfigured Settings | CICS SIT | Misconfigured CICS SIT Settings | Y | Y | Y | ||
| IMS | Misconfigured IMS Settings | Y | Y | Y | |||
| DB2 | Misconfigured DB2 Settings | Y | Y | Y | |||
| MQ | Misconfigured MQ Settings | Y | Y | Y | |||
| Software Security Settings | CICS SIT | CICS SIT Settings | Y | Y | Y | ||
| IMS | IMS Security Settings | Y | Y | Y | |||
| DB2 | DB2 Security Settings | Y | Y | Y | |||
| MQ | MQ Security Settings | Y | Y | Y | |||
| (No title) | Recommended Security Settings | Recommended Profile and Security Settings | Y | ||||
| Permissions with Inappropriate Audit | Resource Permissions with Inappropriate Audit | Y | Y | ||||
| All Permissions | All Resource Permissions | Y | Y | ||||
| Global Access Table | Global Access Table | Y | 55 | ||||
| System Settings | PPT | Entries Specifying NOPASS | PPT Entries Specifying NOPASS in Parmlib | Y | Y | Y | |
| Entries Defined as NOSWAP | PPT Entries Defined as NOSWAP in Parmlib | Y | Y | Y | |||
| (No title) | Misconfigured Settings | Misconfigured Settings | Y | ||||
| All Settings | All Settings | Y | Y | ||||
| STC Entries with Unprotected User ID | Started Task Entries with Unprotected User ID | Y | Y | ||||
| Inactive Monitored Jobs | Inactive Monitored Jobs | Y | Y | Y | |||
| Misconfigured Settings | Misconfigured Settings | Y | |||||
| TSSPARM Settings | TSSPARM Settings | Y | 17 | ||||
| Users | (No title) | Specific User Activity | Detailed User Activity | Y | Y | ||
| Weak Passwords | Users with Weak Password | Y | |||||
| Special and Audit | Users with Special and Audit | Y | |||||
| Operations | Users with Operations | Y | |||||
| No Password Interval | Users with No Password Interval | Y | |||||
| UID(0) | Users with UID(0) | Y | |||||
| Not used for 90 days | Users not used for 90 days | Y | |||||
| IBMUSER Not Revoked | IBMUSER Not Revoked | Y | |||||
| Revoked Special Users | Revoked Special Users | Y | |||||
| Duplicate Names | Users with Duplicate Names | Y | |||||
| File Transfers | User File Transfers | Y | Y | Y | |||
| Inactive (Non-STC) | All Inactive Non-STC Users | Y | |||||
| ACF2 Privileges | Users with ACF2 Privileges | Y | |||||
| UID(0) | Users with UID(0) | Y | |||||
| Password interval<30 | Users with password interval<30 | Y | |||||
| Sharing non-zero uid | Users sharing non-zero uid | Y | |||||
| Users with Special, Operations, Auditor or ROAudit Privilege | Users with Special, Operations, Auditor or ROAudit Privilege | Y | |||||
| ACIDs | No 'Last Used' Date | ACIDs with no 'Last Used' Date | Y | ||||
| With NOxxxCHK | ACIDs with NOxxxCHK | Y | |||||
| With Non-Expiring Passwords | ACIDs with Non-Expiring Passwords | Y | |||||
| With UID(0) | ACIDs with UID(0) | Y | 25 | ||||
| Compliance | (No title) | Access Violations | Access Violations | Y | Y | ||
| Allowlist | Allowlists | Y | Y | Y | 6 | ||
| Compliance Reports | Overview | Compliance Overview | Y | Y | Y | 1 | |
| All | All Compliance Reports | Y | Y | Y | 508 | ||
| DISA STIG | DISA STIG Compliance Reports | Y | Y | Y | 319 | ||
| z/OS | z/OS Compliance Reports | Y | Y | Y | 11 | ||
| Db2 | DB2 Compliance Reports | Y | Y | Y | 15 | ||
| RACF | RACF Compliance Reports | Y | 31 | ||||
| USS | USS Compliance Reports | Y | Y | Y | 8 | ||
| TCP/IP | TCP/IP Compliance Reports | Y | Y | Y | 12 | ||
| CICS | CICS Compliance Reports | Y | Y | Y | 21 | ||
| REXX | REXX Compliance Reports | Y | Y | Y | 21 | ||
| CIS RACF | CIS RACF Compliance Reports | Y | 41 | ||||
| PCI DSS | PCI DSS RACF Compliance Reports | Y | 8 | ||||
| TSS | TSS Compliance Reports | Y | 21 | ||||
| RACF | Profiles with… | UACC > None | Profiles with UACC > None | Y | |||
| ID(*) > None | Profiles with ID(*) > None | Y | |||||
| Warning | Profiles with Warning | Y | |||||
| Empty ACL | Profiles with an Empty ACL | Y | |||||
| Groups | Owner is not Supgroup | Groups where the Owner is not the Supgroup | Y | ||||
| Universal Settings | Universal Group Settings | Y | 6 | ||||
| z/VM | (No title) | All | z/VM Rules Summary | Y | |||
| Surrogate users | Protecting z/VM surrogate users | Y | |||||
| Logonby resources | Protecting z/VM logonby resources | Y | |||||
| Allowlists | Protecting z/VM allowlists | Y | 4 | ||||
| TSS | (No title) | Resources with *ALL* Access > None | Resources with *ALL* Access > None | Y | 1 | ||
| ACF2 | (No title) | Access Rules | Access Rules | Y | |||
| Resource Rules | Resource Rules | Y | |||||
| GSO/Password/Phrase Settings | GSO/Password/Phrase Settings | Y | |||||
| Rules with… | UID(*) access > None | Rules with UID(*) access > None | Y | 4 |
For more information about compliance reports supported in SPM, see:
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*