Broadcom has published their own Vendor Product STIG for CA Common Components and Services or CCS for z/OS, how to properly secure CCS using ACF2, RACF or TSS on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.
The Broadcom Vendor CCS STIG using ACF2, RACF OR TSS on z/OS can be found at: https://techdocs.broadcom.com/us/en/ca-mainframe-software/traditional-management/ca-common-services-for-z-os/15-0/using-stig-articles.html