Broadcom has started to publish their own Vendor Product STIGs for CA Cleanup on z/OS, how to properly secure CA Cleanup using ACF2, Top Secret or RACF on the z/OS Mainframe. STIG Articles provide documented z/OS Mainframe Security Controls to help you move forward in securing your mainframes.
The Broadcom Vendor CA Cleanup STIGs can be found at:
ACF2 – CA Cleanup STIG: https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-cleanup/12-1/using-ca-cleanup-for-acf2/using-stig-articles-for-ca-cleanup-for-ca-acf2.html
Top Secret – CA Cleanup STIG: https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-cleanup/12-1/using-ca-cleanup-for-top-secret/using-stig-articles-for-ca-cleanup-for-top-secret.html
RACF – CA Cleanup STIG: https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-cleanup/12-1/using-ca-cleanup-for-racf.html