Broadcom has published their own Vendor Product STIG for CA OPS/MVS for z/OS, how to properly secure OPS/MVS using ACF2, RACF or TSS on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.
The Broadcom Vendor OPS/MVS STIG using ACF2, RACF OR TSS on z/OS can be found at: https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-ops-mvs-event-management-and-automation/14-0/using-stig-articles.html