QUESTIONS:

1.)  Is it possible to list all IBMFAC's defined on a System and across multiple Systems?
2.)  If it is, what's the command please?

ANSWER:

We use IBMFAC determine who has ownership or control over a catalogue, IDCAMS, SMS, DFDSS and other IBM Facilities.
And, the available commands are CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, and WHOHAS.

So to find all defined IBMFAC Resources on a System, use the  following command:
TSS WHOO IBMFAC(*)

Then, the following command:
TSS WHOH IBMFAC(resxxxx)
...should be done on all the Resources listed by the 'TSS WHOO' command above so see all the PREMIT'd Resource.

You can then use the CA Cleanup for Top Secret product to see whether these Resources are used or not.

Additional Information.

Please refer to the following manuals:
CA Top Secret for z/OS Command Functions Guide r15, Chapter 4: Resource Classes, sub-heading 'IBMFAC Resource Class—Determine IBM Facilities Ownership'.
CA Top Secret for z/OS Command Functions Guide r16, Chapter 4: Resource Classes, sub-heading 'IBMFAC Resource Class—Determine IBM Facilities Ownership'.