Hi Mark,
CIA (Compliance Information Analysis) is a feature within CA Top Secret. It is not a separate product.
In a nutshell, using CIA involves unloading the information from the security file and loading it into a repository (Datacom or DB2). There are several distributed reports that can be run to report on the data in the repository. You can also set up your own reports or queries if the distributed reports do not meet your needs.
The beginning of the documentation for setting up and using CIA is here:
Using Compliance Information Analysis - CA Top Secret® for z/OS - 16.0 - CA Technologies Documentation
The link Kris posted in his reply is the link to the specific CIA report to accomplish what you are trying to do.
Best regards,
Bob Boerum