There is a recommendation from IBM to change the following parameter from yes to no:
VSM ALLOWUSERKEYCSA(NO|YES)
Is there any impact to CA OPS/MVS if we change the parameter value?
In z/OS 2.1, IBM had changed this parameter value from "YES" to "NO" in order to resolve a security risk from an un-authorized user attempting to modify the CSA. There is no impact to the CA OPS/MVS product regarding this parameter change. Should an impact ever be found, the OPS/MVS team will notify the user community and address the issue.