There is a recommendation from IBM to change the following parameter from yes to no:

VSM ALLOWUSERKEYCSA(NO|YES)

Is there any adverse or negative impact to OPS/MVS if we change the parameter value?

 OPS/MVS-Event Management & Automation-for JES2
 

In z/OS 2.1, IBM had changed this parameter value from "YES" to "NO" in order to resolve a security risk from an un-authorized user attempting to modify the CSA. There is no impact to the CA OPS/MVS product regarding this parameter change. Should an impact ever be found, the OPS/MVS team will notify the user community and address the issue.