The Auditing department has requested that certain libraries be tracked for usage.  How is this done?

With dataset rules, there are 3 options in rule checking, A for ALLOW, L for LOG, and P for PREVENT.  For each dataset checking can be done for allocation A, writing W, reading R and execution E.  As an example, a dataset rule for SYS1.PROCLIB could look like this: 

$KEY(SYS1)
 PROCLIB UID(sysprog uid string)  A(L) W(A) R(A) E(A)  ==> which means the system programmers in the normal use of their job SYS.PROCLIB is logged if they delete or create it, and are allowed for everything else.
 PROCLIB UID(-) A(P) W(P) R(A) E(A)  ==> and everyone else is allowed to read or execute, but not allocate or write to it.
 
So to see who reads, etc. from a dataset, change the permission to an L for LOG.  Then ACF2 will cut SMF record for each user doing that function.   The PROCLIB rule to see who reads or executes except the system programmer would look like:

PROCLIB UID(-) A(P) W(P) R(L) E(L)

The ACFRPTDS report will report on dataset violations, loggings, and TRACE records.

For more information on dataset (ACCESS) rules, see Administer Access Rules
For more information on using the dataset report, see ACFRPTDS - Data Set/Program Event Log