Syntax

To be able to flag typing mistakes in standard names and to enumerate which versions are supported, the standard names, versions, and references that are used in the new syntax STD parameter must be declared before use:
DEF_STD new-syntax-standard(version1[,version_n]*) [ESM([RACF|ACF2|TSS|NONE] ...)]
DEF_REF reference-type

The STANDARD command has the following syntax:

STANDARD
      [old-syntax-standardname
	[DESCRIPTION('description')]
	VERSION(version)
	[ESM([RACF | ACF2 | TSS | NONE] ...)]
      ] 
DEFINE TYPE=type ...
/* optional DEFINE statements can be present */
...
INCLUDE ...
/* optional INCLUDE/IMBED statements can be present */
...
DEFSENS ...
/* optional DEFSENS  statements can be present */
...
DOMAIN domainname 
   [OPTION(type(option ...) ...),] 
          /* type must be same as on SELECT */
   SELECT(type[(selclause)] ... ), 
          /* automatic object merge, max 1/type */
   [DESCRIPTION('desc'),]
   [SUMMARY(type(field ...))] 
          /* type must be same as on SELECT */
   [CONFIG=member] [ESM({[RACF][ACF2][TSS]|NONE})]
   [SENSTYPE=(sensitivity)]
   [ALLOWLIST(member[(level)],...)]
   [LOOKUP_CONFIG(member,...)]
   [LOOKUP_CONFIG_LONG(member,...)]...
[CONTROL|RULE_SET]
   [set|(control STD(standard({version_1 | version_n:[version_m]},...)
                     [DESCRIPTION(overriding-description)]
                     [SORTKEY(overriding-sortkey)]
                     [SEVERITY(overriding-severity)]
                     [REFERENCE([reference_type=reflist],...)]
                    )
        ),...
   ]  
   [DESCRIPTION(default-description)]
   [SORTKEY(default-sortkey)]
   [SEVERITY(default-severity)]
   [CAPTION(caption)]
   /* severity is one of {1 | 2 | 3 | HIGH | MEDIUM | LOW}  */
RULE rulename DOMAIN(name),
   [DESCRIPTION('desc'),]
   [SET(set)]
   [CAPTION(caption)]
   [SEVERITY({1 | 2 | 3 | HIGH | MEDIUM | LOW})]
   [EXEMPT(type(selclause)) ]
          /* exempt types must be present in the DOMAIN SELECT */  

   INCLUDE ...
   /* optional INCLUDE/IMBED statements can be present */

   [GOAL|TEST] testname 
          {type{reloper count | (fieldname reloper compliantvalue)}
          [{COMPLIANT | NONCOMPLIANT | N/A}]
          [OTHERWISE( {UNDECIDED | nested [GOAL|TEST] ... nested [GOAL|TEST]} )] |
          [type:]ASSERT}
          [DESCRIPTION(description)]
...
{ENDRULE|END_RULE} [rulename]

{ENDCONTROL|END_CONTROL|ENDRULE_SET|END_RULE_SET} [control name]
/* Optional SUPPRESS and SIMULATE statements */
SUPPRESS STANDARD=[{ name | * }] { RULE_SET=name | RULE=name } REASON='description'
SIMULATE CLASS=DATASET SENSITIVITY=sensitivity RESOURCE=creditcardsset

{ENDSTANDARD|END_STANDARD} [old-syntax-standardname]

/* Other optional statements */
SUPPRESS STANDARD=[{ name | * }] { RULE_SET=name | RULE=name } REASON='description'
SITE_SEVERITY severity STANDARD(standard)
   {RULE(set) | RULE_SET(set)}
SITE_SEVERITY severity  COMPLEX(complex)
In the former syntax, all names defined for STANDARD, RULE_SET, DOMAIN, RULE, and TEST must be unique within their context.
  • The context for a TEST is a RULE.
  • The context for a RULE is a STANDARD VERSION.
  • The context for a RULE_SET is a STANDARD VERSION.
  • The context for a DOMAIN is a STANDARD VERSION.
  • A STANDARD name is global (run level).
In the new syntax (2022), all names defined for DEF_REF, DEF_STD, DOMAIN, RULE, CONTROL or RULE_SET, and GOAL or TEST must be unique within their context.
  • The context for a GOAL/TEST is a RULE.
  • The context for a RULE is a set of STANDARD VERSION statements that are identified by the CONTROL/RULE_SET.
  • A CONTROL/RULE_SET name can be part of multiple STANDARD and VERSION statements.
  • The context for a new syntax DOMAIN is global (run level).
  • The context for a DEF_STD syntax standard name is global (run level).
  • The context for a DEF_REF reference type is global (run level).

Names must be defined before they can be referred to.

All names defined for RULE, CONTROL or RULE_SET, and GOAL or TEST allow dots and dashes in the name.

The maximum length of names defined for RULE and CONTROL (RULE_SET) is 64 characters. For the domain name, it is 32. The user interface shows only 16 characters, so it is best to make sure that the leading 16 characters of every name are unique.
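
The length limits and the 16-character display width described above can be checked before a standard is deployed. The following Python sketch is an added example, not part of the product or its documentation. It assumes that each defining statement starts its line with the keyword, that names compare case-insensitively, and that the whole input is treated as one context; the sample statements are constructed.

```python
import re
from collections import defaultdict

# Limits stated on the page: RULE and CONTROL (RULE_SET) names 64, DOMAIN names 32,
# and 16 characters shown by the user interface.
MAX_LEN = {"RULE": 64, "CONTROL": 64, "DOMAIN": 32}
UI_WIDTH = 16

# Assumption: a defining statement starts its line with the keyword, and the
# name follows, optionally after the "(" of the "(control STD(...))" form.
DEF_RE = re.compile(r"^\s*(RULE_SET|CONTROL|RULE|DOMAIN)\s+\(?\s*([^\s(),]+)", re.I)

# Constructed sample, with "..." where real clauses would go.
SAMPLE = """\
DOMAIN Privileged_users SELECT(...)
DOMAIN Privileged_users_without_mfa_enrolment SELECT(...)
CONTROL (AC-2.1 STD(...))
RULE Password-interval-max.admin DOMAIN(Privileged_users)
ENDRULE Password-interval-max.admin
RULE Password-interval-max.service DOMAIN(Privileged_users)
ENDRULE Password-interval-max.service
"""


def lint_names(source):
    """Return sorted (kind, problem, name) findings for the defined names."""
    findings = []
    by_prefix = defaultdict(set)
    for line in source.splitlines():
        match = DEF_RE.match(line)
        if not match:
            continue  # ENDRULE, comments and continuation lines define nothing
        kind = match.group(1).upper()
        kind = "CONTROL" if kind == "RULE_SET" else kind  # aliases share a limit
        name = match.group(2).upper()  # assumption: names compare case-insensitively
        if len(name) > MAX_LEN[kind]:
            findings.append((kind, "too-long", name))
        by_prefix[(kind, name[:UI_WIDTH])].add(name)
    for (kind, _prefix), names in by_prefix.items():
        if len(names) > 1:  # distinct names that look identical in the UI
            findings.extend((kind, "ui-prefix-clash", n) for n in names)
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint_names(SAMPLE):
        print(*finding)
```

Names that clash on their first 16 characters are still valid to the parser; the finding only marks rules or domains that a reviewer cannot tell apart in the user interface.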

The DEFINE and INCLUDE statements and their aliases can occur at the same level as DOMAIN and RULE statements, but only INCLUDE is allowed at the same level as the TEST statement. These statements have the same effect as when used outside the context of a STANDARD / ENDSTANDARD statement sequence. INCLUDE can also occur as a statement within the RULE/ENDRULE block so as to reuse common GOAL or TEST specifications in multiple rules, and maintain them in one place. For more information, see the sections on DEFINE and IMBED/INCLUDE.