An audit requires information on which certificates are mapped to all (or a specific) certmap(s).
Release : 16.0
Component : ACF2 for z/OS
When a users certificate is passed as part of System Entry Validation (SEV) call, the certificate information is contained in the RACROUTE X500NAME DATA AREA of the RACROUTE call, and will appear in the RACROUTE entry if SECTRACE is active.
The certificate information will not appear in SMF data that is presented in the ACFRPTRV, ACFRPTLL or ACFRPTOM reports.
There is no practical way to expose all the users of a given CERTMAP. The existence of the relationship is only seen at the point in time when the a RACROUTE VERIFY call succeeds, and is not recorded anywhere outside of an active SECTRACE. .
There will be an enhancement in near future, but as of the publish date of this article, there is no timeline.
Note that the list of the latest enhancements are maintained in the techdoc. As of this writing the list was last updated on June 30, 2022.